First published: Tue Nov 12 2019(Updated: )
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei P30 Firmware | <elle-al00b_9.1.0.193\(c00e190r1p21\) | |
HUAWEI P30 | ||
Huawei P30 Pro Firmware | <vogue-al00a_9.1.0.193\(c00e190r1p12\) | |
HUAWEI P30 Pro | ||
Huawei Honor V20 Firmware | <princeton-al10b_9.1.0.233\(c00e233r4p3\) | |
Huawei Honor V20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-5228 is a race condition vulnerability in certain detection modules of P30, P30 Pro, and Honor V20 smartphones.
CVE-2019-5228 affects Huawei P30, P30 Pro, and Honor V20 smartphones with specific firmware versions.
The severity of CVE-2019-5228 is high, with a CVSS score of 7.8.
To check if your smartphone is vulnerable, verify the firmware version on your device.
To fix CVE-2019-5228, update your smartphone's firmware to the latest version provided by Huawei.