SB2021012813 - Multiple vulnerabilities in Huawei Mate 30
Published: January 28, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2021-22305)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a module does not verify some input when dealing with messages. A local attacker can trigger memory corruption and cause a denial of service on the target system.
2) Buffer overflow (CVE-ID: CVE-2021-22301)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-22307)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to a weak algorithm issue. A local attacker can affect the integrity of certain module.
4) Out-of-bounds read (CVE-ID: CVE-2021-22306)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. An attacker with physical access can trigger out-of-bounds read error and cause a denial of service condition on the system.
Remediation
Install update from vendor's website.
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-04-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-01-buffer-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-06-smartphone-en
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-05-smartphone-en