First published: Mon Oct 12 2020(Updated: )
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei P30 Pro Firmware | <10.1.0.160\(c00e160r2p8\) | |
HUAWEI P30 Pro |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Huawei P30 Pro vulnerability is CVE-2020-9108.
The severity level of CVE-2020-9108 is high.
The vulnerability in Huawei P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) allows an unauthenticated attacker to perform out-of-bounds read and write, potentially leading to remote code execution or unauthorized access to sensitive information.
The affected software for CVE-2020-9108 is Huawei P30 Pro firmware versions earlier than 10.1.0.160(C00E160R2P8).
To mitigate the vulnerability, update your Huawei P30 Pro firmware to version 10.1.0.160(C00E160R2P8) or later.