{"containers": {"cna": {"affected": [{"product": "EMUI;Magic UI", "vendor": "n/a", "versions": [{"status": "affected", "version": "EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0"}, {"status": "affected", "version": "Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0"}]}], "descriptions": [{"lang": "en", "value": "A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read."}], "problemTypes": [{"descriptions": [{"description": "Buffer Underwrite", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-01T17:51:54", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://consumer.huawei.com/cn/support/bulletin/2021/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9147", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EMUI;Magic UI", "version": {"version_data": [{"version_value": "EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0"}, {"version_value": "Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Underwrite"}]}]}, "references": {"reference_data": [{"name": "https://consumer.huawei.com/cn/support/bulletin/2021/1", "refsource": "MISC", "url": "https://consumer.huawei.com/cn/support/bulletin/2021/1"}]}}}}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9147", "datePublished": "2021-04-01T17:51:54", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2021-04-01T17:51:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "504F2E73-FFD0-4589-8644-FE77656BB28D", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "66AC7F91-917C-40A6-9983-A339EFB091F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:10.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7FF0AD1-22C2-423B-822A-E6496CEDAB02", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B701EC6-8208-4D22-95A6-B07D471A8A8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:magic_ui:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A4346-1757-48F9-827C-13EABC357302", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:magic_ui:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFAE846A-00EA-417F-B66F-1F5396BB6139", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:magic_ui:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B655712B-E86C-4BD2-8A99-AEA382C520E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:magic_ui:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F6066FAB-23F5-4CB2-B89E-B00F8835AC39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de error de b\u00fafer de la memoria en la interfaz de un componente del Smartphone Huawei. Los atacantes locales pueden explotar esta vulnerabilidad construyendo cuidadosamente escenarios de ataque para provocar una lectura fuera de los l\u00edmites."}], "id": "CVE-2020-9147", "lastModified": "2022-06-28T14:11:45.273", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-01T18:15:12.417", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/cn/support/bulletin/2021/1"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}