PT-2019-17556 · Huawei · Bastet
Published
2019-11-13
·
Updated
2019-11-15
·
CVE-2019-5282
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Bastet module of some Huawei smartphones versions earlier than 9.0.0.182(C00E82R1P21)
Bastet module of some Huawei smartphones versions earlier than 9.0.0.182(C01E82R1P21)
Bastet module of some Huawei smartphones versions earlier than 9.0.0.203(C432E7R1P11)
Bastet module of some Huawei smartphones versions earlier than 9.0.0.202(C185E2R1P12)
Description
The issue is related to a double free vulnerability. An attacker could trick a user into installing a malicious application, which would free the same memory address twice. This could result in malicious code execution.
Recommendations
For versions earlier than 9.0.0.182(C00E82R1P21), update to a version later than 9.0.0.182(C00E82R1P21).
For versions earlier than 9.0.0.182(C01E82R1P21), update to a version later than 9.0.0.182(C01E82R1P21).
For versions earlier than 9.0.0.203(C432E7R1P11), update to a version later than 9.0.0.203(C432E7R1P11).
For versions earlier than 9.0.0.202(C185E2R1P12), update to a version later than 9.0.0.202(C185E2R1P12).
Fix
Double Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bastet