Vulnerability Description
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | P30 Firmware | < elle-al00b_9.1.0.193\(c00e190r1p21\) |
| Huawei | P30 | - |
| Huawei | P30 Pro Firmware | < vogue-al00a_9.1.0.193\(c00e190r1p12\) |
| Huawei | P30 Pro | - |
| Huawei | Honor V20 Firmware | < princeton-al10b_9.1.0.233\(c00e233r4p3\) |
| Huawei | Honor V20 | - |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphVendor Advisory
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphVendor Advisory
FAQ
What is CVE-2019-5228?
CVE-2019-5228 is a vulnerability with a CVSS score of 7.8 (HIGH). Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earli...
How severe is CVE-2019-5228?
CVE-2019-5228 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5228?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei P30 Firmware, Huawei P30, Huawei P30 Pro Firmware, Huawei P30 Pro, Huawei Honor V20 Firmware.