Skip to main content

Mate 30 Firmware CVE-2020-1839

MEDIUM
Race Condition (CWE-362)
2020-07-06 psirt@huawei.com
6.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 06, 2020 - 19:15 nvd
MEDIUM 6.3

DescriptionNVD

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another process that is operating concurrently, an attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution.

AnalysisAI

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-362. HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. There is a timing window exists in which certain pointer members can be modified by another process that is operating concurrently, an attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution. Affected products include: Huawei Mate 30 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-0022 HIGH POC
8.8 Feb 13

In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds cal

CVE-2020-9263 HIGH
7.8 Oct 19

HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11

CVE-2020-9262 HIGH
7.8 Jul 06

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. Rated high severi

CVE-2020-9261 HIGH
7.8 Jul 06

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. Rated high severi

CVE-2021-22301 MEDIUM
6.7 Feb 06

Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. Rated medium severity (CVSS 6.7), this vulnerabili

CVE-2020-9125 MEDIUM
6.7 Dec 29

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2).

CVE-2020-9129 MEDIUM
6.7 Nov 13

HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Rated me

CVE-2020-1835 MEDIUM
6.5 Jun 18

HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. Rated me

CVE-2020-9119 MEDIUM
6.2 Dec 24

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. Rated medium severity (

CVE-2021-22364 MEDIUM
5.5 May 27

There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E

CVE-2021-22307 MEDIUM
5.5 Feb 06

There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). Rated medium severity (CVSS 5.5), this vulner

CVE-2020-9243 MEDIUM
5.5 Aug 10

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. Rated medium s

Share

CVE-2020-1839 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy