CVE-2020-9104

21.08.2020, 14:15

HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
huawei	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 14%

Vendor	Product	Version
huawei	p30_firmware	𝑥 < 10.1.0.123\(c431e22r2p5\)
huawei	p30_firmware	𝑥 < 10.1.0.123\(c432e22r2p5\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c10e7r5p1\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c185e4r7p1\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c461e7r3p1\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c605e19r1p3\)
huawei	p30_firmware	𝑥 < 10.1.0.126\(c636e7r3p4\)
huawei	p30_firmware	𝑥 < 10.1.0.128\(c635e3r2p4\)
huawei	p30_firmware	𝑥 < 10.1.0.160\(c00e160r2p11\)
huawei	p30_firmware	𝑥 < 10.1.0.160\(c01e160r2p11\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en