← Back

CVE-2019-5282

nvd nist
Published: Nov 13, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution.

Affected (10)

Huawei
7 products
Emily Al00a Firmware
Emily Tl00b Firmware
Emily L09c Firmware
Emily L29c Firmware
Hima L09ca Firmware
Hima L29ca Firmware
Hima L29c Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emily Al00a Firmware
Before emily-al00a_9.0.0.182\(c00e82r1p21\)
Running on/withPlatform Versions
Huawei
Emily Al00a
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emily Tl00b Firmware
Before emily-tl00b_9.0.0.182\(c01e82r1p21\)
Running on/withPlatform Versions
Huawei
Emily Tl00b
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emily L09c Firmware
Before emily-l09c_9.0.0.203\(c432e7r1p11\)
Running on/withPlatform Versions
Huawei
Emily L09c
All versions
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Emily L29c Firmware
Before emily-l29c_9.0.0.203\(c432e7r1p11\)
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Emily L29c Firmware
Before emily-l29c_9.0.0.202\(c185e2r1p12\)
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Emily L29c Firmware
Before emily-l29c_9.0.0.207\(c636e7r1p13\)
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Emily L29c Firmware
Before emily-l29c_9.0.0.205\(c635e2r1p11\)
Running on/withPlatform Versions
Huawei
Emily L29c
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hima L09ca Firmware
Before hima-l09ca_9.0.0.198\(c432e10r1p16\)
Running on/withPlatform Versions
Huawei
Hima L09ca
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hima L29ca Firmware
Before hima-l29ca_9.0.0.198\(c432e10r1p16\)
Running on/withPlatform Versions
Huawei
Hima L29ca
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hima L29c Firmware
Before hima-l29c_9.0.0.204\(c636e10r2p1\)
Running on/withPlatform Versions
Huawei
Hima L29c
All versions

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.