PT-2019-17515 · Huawei · Huawei P30+2
Published
2019-11-29
·
Updated
2019-12-06
·
CVE-2019-5225
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei P30 versions prior to ELLE-AL00B 9.1.0.193(C00E190R1P21)
Huawei Mate 20 versions prior to Hima-AL00B 9.1.0.135(C00E200R2P1)
Huawei P30 Pro versions prior to VOGUE-AL00A 9.1.0.193(C00E190R1P12)
Description
The system does not properly validate certain length parameters that an application transports to the kernel, resulting in a buffer overflow issue. An attacker could trick a user into installing a malicious application, and a successful exploit could cause malicious code execution.
Recommendations
For Huawei P30 versions prior to ELLE-AL00B 9.1.0.193(C00E190R1P21), update to version ELLE-AL00B 9.1.0.193(C00E190R1P21) or later.
For Huawei Mate 20 versions prior to Hima-AL00B 9.1.0.135(C00E200R2P1), update to version Hima-AL00B 9.1.0.135(C00E200R2P1) or later.
For Huawei P30 Pro versions prior to VOGUE-AL00A 9.1.0.193(C00E190R1P12), update to version VOGUE-AL00A 9.1.0.193(C00E190R1P12) or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Mate 20
Huawei P30
Huawei P30 Pro