← Back

CVE-2019-5216

nvd nist
Published: Jun 6, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.0
Vector
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code.

Affected (3)

Huawei
3 products
Honor View 10 Firmware
Honor 10 Firmware
Honor Play Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Honor View 10 Firmware
Before berkeley-al20_9.0.0.156\(c00e156r2p14t8\)
Running on/withPlatform Versions
Huawei
Honor View 10
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Honor 10 Firmware
Before columbia-al10b_9.0.0.156\(c00e156r1p20t8\)
Running on/withPlatform Versions
Huawei
Honor 10
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Honor Play Firmware
Before cornell-al00a_9.0.0.156\(c00e156r1p13t8\)
Running on/withPlatform Versions
Huawei
Honor Play
All versions

Related CWEs

CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (2)

Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.