CVE-2021-22304
LOWHuawei Taurus-AL00A Firmware 10.0.0.1(C00E1R1P1) - Use-After-Free via Crafted Message
Title source: llmDescription
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-03-smartphone-en
Scores
CVSS v3
3.3
EPSS
0.0003
EPSS Percentile
8.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-416
Status
published
Products (1)
huawei/taurus-al00a_firmware
10.0.0.1\(c00e1r1p1\)
Published
Feb 06, 2021
Tracked Since
Feb 18, 2026