CVE-2020-1792

Published: Feb 28, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious application, successful exploit could cause the device to reboot.

Affected (2)

Products: Huawei: Honor V10 Firmware

1 product

Honor V10 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor V10 Firmware	Before bkl-al20_10.0.0.156\(c00e156r2p4\)

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor V10 Firmware	Before bkl-l09_10.0.0.146\(c432e4r1p4\)

Running on/with	Platform Versions
Huawei Honor V10	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200226-01-smartphone-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200226-01-smartphone-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.