Description
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
30.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
CWE-787
Status
published
Products (3)
huawei/honor_v20_firmware
< princeton-al10b_9.1.0.233\(c00e233r4p3\)
huawei/p30_firmware
< elle-al00b_9.1.0.193\(c00e190r1p21\)
huawei/p30_pro_firmware
< vogue-al00a_9.1.0.193\(c00e190r1p12\)
Published
Nov 12, 2019
Tracked Since
Feb 18, 2026