Skip to main content

EUVDEUVD-2026-21804

| CVE-2026-34867 MEDIUM
Double Free (CWE-415)
2026-04-13 huawei GHSA-84fx-xj3c-r25h
5.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.6 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 13, 2026 - 04:25 vuln.today
EUVD ID Assigned
Apr 13, 2026 - 04:15 euvd
EUVD-2026-21804
Analysis Generated
Apr 13, 2026 - 04:15 vuln.today
CVE Published
Apr 13, 2026 - 03:50 nvd
MEDIUM 5.6

DescriptionCVE.org

Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability.

AnalysisAI

Double free vulnerability in Huawei HarmonyOS multi-mode input system allows local authenticated users with user interaction to cause information disclosure and denial of service. The vulnerability affects availability through memory corruption, with a CVSS score of 5.6 indicating moderate risk. No public exploit code or active exploitation has been confirmed at time of analysis.

Technical ContextAI

This vulnerability exists in HarmonyOS's multi-mode input subsystem and is classified as CWE-415 (Double Free). Double free vulnerabilities occur when memory is deallocated twice, leading to heap corruption that can trigger denial of service or information disclosure. The attack requires local access and authenticated privileges, suggesting the input system processes untrusted data from local authenticated sessions. The multi-mode input system likely handles various input modes (keyboard, touch, voice, etc.) and improper reference counting or cleanup logic in this handler creates the double-free condition.

RemediationAI

Huawei users should immediately apply vendor-released security updates from the official Huawei consumer support bulletin at https://consumer.huawei.com/en/support/bulletin/2026/4/ for consumer devices or https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/ for laptops. Exact patched versions are not specified in the provided advisory data; users must download patches directly from Huawei. Interim mitigations include restricting local access to HarmonyOS devices to trusted users and minimizing use of multi-mode input features until patches are applied. No workaround is specified in the available data.

Share

EUVD-2026-21804 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy