CVE-2019-5282

Published Nov 13, 2019

Last updated 5 years ago

CVSS high 7.8

Overview

Description: Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution.
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-415

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:emily-al00a:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8AC84A74-7F01-4434-896C-B9B595984F23"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:emily-al00a_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96618503-F4A9-4D28-8F2F-7E100BA1DD5A",
            "versionEndExcluding": "emily-al00a_9.0.0.182\\(c00e82r1p21\\)"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:emily-tl00b:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "010C3645-3C82-47F0-908C-9B4CFFC503CD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:emily-tl00b_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEAD8FD1-2AF8-4A61-85B7-B6998B0CF2C2",
            "versionEndExcluding": "emily-tl00b_9.0.0.182\\(c01e82r1p21\\)"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:emily-l09c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AF8CFD3F-D454-4E8E-A6BE-E36ED1929DAA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:emily-l09c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F445225-2435-4A85-AD1C-80B6FC1A5CF6",
            "versionEndExcluding": "emily-l09c_9.0.0.203\\(c432e7r1p11\\)"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "048BEA40-729F-4969-98D9-C3D6FBC0E70C",
            "versionEndExcluding": "emily-l29c_9.0.0.203\\(c432e7r1p11\\)"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCF69329-581F-465F-90D5-5ED8B9D7FA8D",
            "versionEndExcluding": "emily-l29c_9.0.0.202\\(c185e2r1p12\\)"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "734685B2-3F5D-4D7D-B629-47E4AEDF6344",
            "versionEndExcluding": "emily-l29c_9.0.0.207\\(c636e7r1p13\\)"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:emily-l29c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5D370342-02DA-4859-B98B-0A3F78EACAEE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:emily-l29c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B7C6A9-96A6-4694-8592-F60453A14F4B",
            "versionEndExcluding": "emily-l29c_9.0.0.205\\(c635e2r1p11\\)"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:hima-l09ca:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "77D87F4E-CF65-4AFE-90EC-B5492955AE40"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:hima-l09ca_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3901CB80-49CF-4444-9D45-FCA1CAE86283",
            "versionEndExcluding": "hima-l09ca_9.0.0.198\\(c432e10r1p16\\)"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:hima-l29ca_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "503B6836-F944-4E87-9E7C-D2A4DCC1F5F7",
            "versionEndExcluding": "hima-l29ca_9.0.0.198\\(c432e10r1p16\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:hima-l29ca:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8867E2C6-DBD5-4631-B77F-068EF1E6D0F5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:hima-l29c_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2117F0CB-A6ED-4208-8376-0D6DC0992814",
            "versionEndExcluding": "hima-l29c_9.0.0.204\\(c636e10r2p1\\)"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:hima-l29c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "366DC5C5-9276-4921-9ABD-92941B0CEE6D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References