#VU23413 Out-of-bounds read


Published: 2019-12-05

Vulnerability identifier: #VU23413

Vulnerability risk: Low

CVE-ID: CVE-2019-5224

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
P30
Client/Desktop applications / Multimedia software

Vendor: Huawei

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition: the system does not properly validate a certain length parameter that an application passes to the kernel. A local user can trick a victim into installing a malicious application, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

P30: All versions


External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-03-smartphone-en

