Multiple vulnerabilities in several Huawei smartphones



| Updated: 2019-12-05
Risk Low
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2019-5228
CVE-2019-5288
CVE-2019-5287
CVE-2019-5229
CVE-2019-5227
CVE-2019-5226
CVE-2019-5225
CVE-2019-5224
CWE-ID CWE-362
CWE-190
CWE-345
CWE-354
CWE-119
CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 P30
Client/Desktop applications / Multimedia software

P30 Pro
Client/Desktop applications / Multimedia software

Honor V20
Client/Desktop applications / Multimedia software

Huawei Mate 20
Client/Desktop applications / Multimedia software

Huawei HiSuite
Mobile applications / Apps for mobile phones

Vendor Huawei

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

Updated 05.12.2019
Added vulnerabilities #5-8

1) Race condition

EUVDB-ID: #VU22803

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-5228

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists in certain detection module due to a race condition when the system does not lock certain function properly. A local user can trick a victim to install a malicious application, trigger out of bound write and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

P30: before 9.1.0.193

P30 Pro: before 9.1.0.193

Honor V20: before 9.1.0.233

CPE2.3 External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU22802

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-5288

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists because of integer overflow due to insufficient check on specific parameters. A local user can trick the victim to install a malicious application, obtain the root permission, construct specific parameters to the camera program, trigger integer overflow and execute arbitrary code on the target system or break down the program.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

P30: before 9.1.0.193

CPE2.3 External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU22801

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-5287

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists because of integer overflow due to insufficient check on specific parameters. A local user can trick the victim to install a malicious application, obtain the root permission, construct specific parameters to the camera program, trigger integer overflow and execute arbitrary code on the target system or break down the program.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

P30: before 9.1.0.193

CPE2.3 External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Insufficient verification of data authenticity

EUVDB-ID: #VU22800

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:P/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-5229

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to the target system does not verify certain parameters sufficiently. An authenticated attacker with physical access to the device can connect to the phone, gain high privilege and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

P30: before 9.1.0.193

CPE2.3 External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-02-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper validation of integrity check value

EUVDB-ID: #VU23416

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-5227

CWE-ID: CWE-354 - Improper Validation of Integrity Check Value

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the affected devices and software do not validate the upgrade package sufficiently. A local user can trick the user to install a malicious application and downgrade the system of smartphone to an older version.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

P30: before 9.1.0.193

P30 Pro: before 9.1.0.193

Huawei Mate 20: before 9.1.0.135

Huawei HiSuite: before 9.1.0.305

CPE2.3 External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper validation of integrity check value

EUVDB-ID: #VU23415

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-5226

CWE-ID: CWE-354 - Improper Validation of Integrity Check Value

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the affected devices and software do not validate the upgrade package sufficiently. A local user can trick the user to install a malicious application and downgrade the system of smartphone to an older version.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

P30: before 9.1.0.193

P30 Pro: before 9.1.0.193

Huawei Mate 20: before 9.1.0.135

Huawei HiSuite: before 9.1.0.305

CPE2.3 External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190904-01-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU23414

Risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-5225

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when the system does not properly validate certain length parameter which an application transports to kernel. A local user can trick a victim to install a malicious application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

P30: before 9.1.0.193

Huawei Mate 20: before 9.1.0.135

P30 Pro: before 9.1.0.193

CPE2.3 External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-02-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU23413

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-5224

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when the system does not properly validate certain length parameter which an application transports to kernel. A local user can trick a victim to install a malicious application, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

P30: before 9.1.0.193

CPE2.3 External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-03-smartphone-en


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###