Skip to main content

Mate 30 Firmware CVE-2020-9129

MEDIUM
Out-of-bounds Write (CWE-787)
2020-11-13 psirt@huawei.com
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 13, 2020 - 15:15 nvd
MEDIUM 6.7

DescriptionNVD

HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow.

AnalysisAI

HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow. Affected products include: Huawei Mate 30 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2020-0022 HIGH POC
8.8 Feb 13

In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds cal

CVE-2020-9263 HIGH
7.8 Oct 19

HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11

CVE-2020-9262 HIGH
7.8 Jul 06

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. Rated high severi

CVE-2020-9261 HIGH
7.8 Jul 06

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. Rated high severi

CVE-2021-22301 MEDIUM
6.7 Feb 06

Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. Rated medium severity (CVSS 6.7), this vulnerabili

CVE-2020-9125 MEDIUM
6.7 Dec 29

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2).

CVE-2020-1835 MEDIUM
6.5 Jun 18

HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. Rated me

CVE-2020-1839 MEDIUM
6.3 Jul 06

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a race condition vulnerability. Rated medium seve

CVE-2020-9119 MEDIUM
6.2 Dec 24

There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. Rated medium severity (

CVE-2021-22364 MEDIUM
5.5 May 27

There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E

CVE-2021-22307 MEDIUM
5.5 Feb 06

There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). Rated medium severity (CVSS 5.5), this vulner

CVE-2020-9243 MEDIUM
5.5 Aug 10

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. Rated medium s

Share

CVE-2020-9129 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy