CVE-2019-5214 - OpenCVE

There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Huawei	Mate 10 Firmware Mate 10

Configuration 1 [-]

AND

cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: huawei

Published: 2019-06-06T14:18:43

Updated: 2019-06-06T14:18:43

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5214

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-06-06T15:29:01.110

Modified: 2019-06-10T13:56:16.983

Link: CVE-2019-5214

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "Huawei Mate10", "vendor": "Huawei", "versions": [{"status": "affected", "version": "Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)"}]}], "datePublic": "2019-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition."}], "problemTypes": [{"descriptions": [{"description": "Use After Free", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-06T14:18:43", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2019-5214", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Huawei Mate10", "version": {"version_data": [{"version_value": "Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)"}]}}]}, "vendor_name": "Huawei"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use After Free"}]}]}, "references": {"reference_data": [{"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2019-5214", "datePublished": "2019-06-06T14:18:43", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2019-06-06T14:18:43", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:mate_10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "10309F55-D533-48B6-8CF7-00E91250EBD2", "versionEndExcluding": "alp-al00b_9.0.0.167\\(c00e85r2p20t8\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:mate_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "394490F2-5E47-4A28-A71C-075DBBA34C9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de uso de la memoria previamente liberada (use after free) en ciertos componentes del controlador en tel\u00e9fonos inteligentes Mate10 de Huawei versiones anteriores a ALP-AL00B 9.0.0.167 (C00E85R2P20T8). Un atacante enga\u00f1a al usuario para instalar una aplicaci\u00f3n maliciosa, lo que hace que el software haga referencia a la memoria despu\u00e9s de que se haya liberado. La explotaci\u00f3n exitosa podr\u00eda causar una condici\u00f3n de Denegaci\u00f3n de Servicio."}], "id": "CVE-2019-5214", "lastModified": "2019-06-10T13:56:16.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-06T15:29:01.110", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}