CVE-2019-5228 : Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions ea

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.

Published 2019-11-12 23:15:10

Updated 2021-07-21 11:39:24

Source Huawei Technologies

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2019-5228

Huawei » P30 Firmware
Versions before (<) elle-al00b_9.1.0.193\(c00e190r1p21\)
cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » P30 » Version: N/A
Huawei » P30 Pro Firmware
Versions before (<) vogue-al00a_9.1.0.193\(c00e190r1p12\)
cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » P30 Pro » Version: N/A
Huawei » Honor V20 Firmware
Versions before (<) princeton-al10b_9.1.0.233\(c00e233r4p3\)
cpe:2.3:o:huawei:honor_v20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Huawei » Honor V20 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-5228

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-5228

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-5228

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-5228

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en

Security Advisory - Race Condition Vulnerability on Several Smartphones
Vendor Advisory

Jump to

Vulnerability Details : CVE-2019-5228

Products affected by CVE-2019-5228

Exploit prediction scoring system (EPSS) score for CVE-2019-5228

CVSS scores for CVE-2019-5228

CWE ids for CVE-2019-5228

References for CVE-2019-5228