#VU22803 Race condition


Published: 2019-11-15

Vulnerability identifier: #VU22803

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-5228

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
P30
Client/Desktop applications / Multimedia software
P30 Pro
Client/Desktop applications / Multimedia software
Honor V20
Client/Desktop applications / Multimedia software

Vendor: Huawei

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists in a certain detection module due to a race condition: the system does not properly lock a certain function. A local user can trick a victim into installing a malicious application, trigger an out-of-bounds write and execute arbitrary code on the system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

P30: All versions

P30 Pro: All versions

Honor V20: All versions


CPE

External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en

