Skip to main content

CVE-2026-34849

| EUVDEUVD-2026-21829 LOW
Race Condition (CWE-362)
2026-04-13 huawei
2.5
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.5 LOW
AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Apr 13, 2026 - 05:26 vuln.today
EUVD ID Assigned
Apr 13, 2026 - 05:15 euvd
EUVD-2026-21829
Analysis Generated
Apr 13, 2026 - 05:15 vuln.today
CVE Published
Apr 13, 2026 - 03:58 nvd
LOW 2.5

DescriptionCVE.org

UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability.

AnalysisAI

Use-after-free vulnerability in HarmonyOS screen management module allows local, unauthenticated attackers with user interaction to cause denial of service through a race condition. CVSS score of 2.5 reflects low severity with availability impact only; no confidentiality or integrity compromise. No public exploit code or active exploitation confirmed at time of analysis.

Technical ContextAI

The vulnerability exists in HarmonyOS screen management module as a use-after-free (CWE-362: Concurrent Execution Using Shared Resource with Improper Synchronization) condition. UAF vulnerabilities occur when a program references memory that has been freed, typically due to improper synchronization between concurrent operations or inadequate lifecycle management. In this case, a race condition in screen resource management allows an attacker to access or manipulate freed memory objects. The attack requires local access and user interaction (triggering UI actions), making it a client-side vulnerability rather than a network-facing one. The race condition nature suggests the vulnerability manifests under specific timing windows during concurrent screen state transitions.

RemediationAI

Apply the security patch released by Huawei through the official security bulletin at https://consumer.huawei.com/en/support/bulletin/2026/4/. Users should check the bulletin for their specific device model to obtain the patched HarmonyOS version, as fix versions vary by device hardware platform. Enable automatic system updates to receive patches as released. Until patching is possible, minimize use of screen management features and close unnecessary applications to reduce likelihood of triggering the race condition during concurrent screen state transitions, though this is not a reliable workaround.

Share

CVE-2026-34849 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy