CVE-2019-5264 — MEDIUM (4.6)

Q: How severe is CVE-2019-5264?

CVE-2019-5264 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-5264?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 10 Firmware, Huawei Mate 10, Huawei Mate 10 Pro Firmware, Huawei Mate 10 Pro, Huawei Honor V10 Firmware.

Vulnerability Description

There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition. Successful exploit could cause information disclosure.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Huawei	Mate 10 Firmware	< 9.0.0.167\(c00e85r2p20t8\)
Huawei	Mate 10	-
Huawei	Mate 10 Pro Firmware	< 9.0.0.167\(c00e87r2p15t8\)
Huawei	Mate 10 Pro	-
Huawei	Honor V10 Firmware	< 9.0.0.156\(c00e156r2p14t8\)
Huawei	Honor V10	-
Huawei	Changxiang 7S Firmware	< 9.1.0.107\(c00e107r2p8t8\)
Huawei	Changxiang 7S	-
Huawei	P-Smart Firmware	< 9.1.0.119\(c636e5r1p1t8\)
Huawei	P-Smart	-
Huawei	Changxiang 8 Plus Firmware	< 9.1.0.111\(c00e111r1p6t8\)
Huawei	Changxiang 8 Plus	-
Huawei	Y9 2018 Firmware	< 9.1.0.115\(c432e5r1p1t8\)
Huawei	Y9 2018	-
Huawei	Honor 9 Lite Firmware	< 9.1.0.113\(c00e111r2p10t8\)
Huawei	Honor 9 Lite	-
Huawei	Honor 9I Firmware	< 9.1.0.121\(c432e4r1p3t8\)
Huawei	Honor 9I	-
Huawei	Mate 9 Firmware	< 9.0.1.158\(c432e6r1p8t8\)
Huawei	Mate 9	-

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartpVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191211-01-smartpVendor Advisory

FAQ

What is CVE-2019-5264?

CVE-2019-5264 is a vulnerability with a CVSS score of 4.6 (MEDIUM). There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The softwar...

How severe is CVE-2019-5264?

CVE-2019-5264 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-5264?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Mate 10 Firmware, Huawei Mate 10, Huawei Mate 10 Pro Firmware, Huawei Mate 10 Pro, Huawei Honor V10 Firmware.