CVE-2019-5288

HIGH

P30 <ELLE-AL00B 9.1.0.193(C00E190R2P1 - Code Injection

Title source: llm

Description

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190925-01-smartphone-en

Scores

CVSS v3 7.8

EPSS 0.0014

EPSS Percentile 33.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (1)

huawei/p30_firmware < elle-al00b_9.1.0.193\(c00e190r2p1\)

Published Nov 13, 2019

Tracked Since Feb 18, 2026