Search criteria
18 vulnerabilities found for alp-al00b_firmware by huawei
CVE-2019-19412 (GCVE-0-2019-19412)
Vulnerability from nvd – Published: 2020-06-08 18:21 – Updated: 2024-08-05 02:16
VLAI?
Summary
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.
Severity ?
No CVSS data available.
CWE
- FRP Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | ALP-AL00B |
Affected:
earlier than 9.0.0.181(C00E87R2P20T8)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.181(C00E87R2P20T8)"
}
]
},
{
"product": "ALP-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.201(C432E4R1P9)"
}
]
},
{
"product": "ALP-L29",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.195(C636E2R1P12)"
}
]
},
{
"product": "Anne-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.168(C00)"
}
]
},
{
"product": "BLA-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.181(C00E88R2P15T8)"
}
]
},
{
"product": "BLA-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.177(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.206(C432E4R1P11)"
}
]
},
{
"product": "BLA-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.179(C576E2R1P7T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.194(C185E2R1P13)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.206(C432E4R1P11)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.210(C635E4R1P13)"
}
]
},
{
"product": "Berkeley-AL20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.156(C00E156R2P14T8)"
}
]
},
{
"product": "Berkeley-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.172(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.173(C636)"
}
]
},
{
"product": "Emily-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.159(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.159(C461E2R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.160(C432E7R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.165(C605E2R1P12)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.168(C636E7R1P13T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.168(C782E3R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.196(C635E2R1P11T8)"
}
]
},
{
"product": "Figo-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "Figo-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.130(C635E6R1P5T8)"
}
]
},
{
"product": "Figo-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "Figo-L31",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C432E8R1P5T8)"
}
]
},
{
"product": "Florida-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.121(C605E5R1P1T8)"
}
]
},
{
"product": "Florida-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.129(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.131(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.132(C185)"
}
]
},
{
"product": "Florida-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.132(C636)"
}
]
},
{
"product": "Florida-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.144(C605)"
}
]
},
{
"product": "HUAWEI P smart",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "HUAWEI P smart,HUAWEI Y7s",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.124(C636E6R1P5T8)"
}
]
},
{
"product": "HUAWEI P20 lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.148(C635)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.155(C185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.155(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.156(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.157(C432)"
}
]
},
{
"product": "HUAWEI nova 3e,HUAWEI P20 lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.147(C461)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.148(ZAFC185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.160(C185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.160(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.168(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.172(C636)"
}
]
},
{
"product": "Honor View 10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.202(C567E6R1P12T8)"
}
]
},
{
"product": "Leland-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.182(C00)"
}
]
},
{
"product": "Leland-L21A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.135(C185)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L22A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L22C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L31A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.139(C432)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T15:29:39",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.181(C00E87R2P20T8)"
}
]
}
},
{
"product_name": "ALP-L09",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.201(C432E4R1P9)"
}
]
}
},
{
"product_name": "ALP-L29",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "earlier than 9.0.0.195(C636E2R1P12)"
}
]
}
},
{
"product_name": "Anne-AL00",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.168(C00)"
}
]
}
},
{
"product_name": "BLA-AL00B",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.181(C00E88R2P15T8)"
}
]
}
},
{
"product_name": "BLA-L09C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.177(C185E2R1P13T8)"
},
{
"version_value": "earlier than 9.0.0.206(C432E4R1P11)"
}
]
}
},
{
"product_name": "BLA-L29C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.179(C576E2R1P7T8)"
},
{
"version_value": "earlier than 9.0.0.194(C185E2R1P13)"
},
{
"version_value": "earlier than 9.0.0.206(C432E4R1P11)"
},
{
"version_value": "earlier than 9.0.0.210(C635E4R1P13)"
}
]
}
},
{
"product_name": "Berkeley-AL20",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.156(C00E156R2P14T8)"
}
]
}
},
{
"product_name": "Berkeley-L09",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.172(C432)"
},
{
"version_value": "earlier than 8.0.0.173(C636)"
}
]
}
},
{
"product_name": "Emily-L29C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.159(C185E2R1P12T8)"
},
{
"version_value": "earlier than 9.0.0.159(C461E2R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.160(C432E7R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.165(C605E2R1P12)"
},
{
"version_value": "earlier than 9.0.0.168(C636E7R1P13T8)"
},
{
"version_value": "earlier than 9.0.0.168(C782E3R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.196(C635E2R1P11T8)"
}
]
}
},
{
"product_name": "Figo-L03",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Figo-L21",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"version_value": "earlier than 9.1.0.130(C635E6R1P5T8)"
}
]
}
},
{
"product_name": "Figo-L23",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
},
{
"product_name": "Figo-L31",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C432E8R1P5T8)"
}
]
}
},
{
"product_name": "Florida-L03",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.121(C605E5R1P1T8)"
}
]
}
},
{
"product_name": "Florida-L21",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.129(C605)"
},
{
"version_value": "earlier than 8.0.0.131(C432)"
},
{
"version_value": "earlier than 8.0.0.132(C185)"
}
]
}
},
{
"product_name": "Florida-L22",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.132(C636)"
}
]
}
},
{
"product_name": "Florida-L23",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.144(C605)"
}
]
}
},
{
"product_name": "HUAWEI P smart",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
},
{
"product_name": "HUAWEI P smart,HUAWEI Y7s",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.124(C636E6R1P5T8)"
}
]
}
},
{
"product_name": "HUAWEI P20 lite",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.148(C635)"
},
{
"version_value": "earlier than 8.0.0.155(C185)"
},
{
"version_value": "earlier than 8.0.0.155(C605)"
},
{
"version_value": "earlier than 8.0.0.156(C605)"
},
{
"version_value": "earlier than 8.0.0.157(C432)"
}
]
}
},
{
"product_name": "HUAWEI nova 3e,HUAWEI P20 lite",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.147(C461)"
},
{
"version_value": "earlier than 8.0.0.148(ZAFC185)"
},
{
"version_value": "earlier than 8.0.0.160(C185)"
},
{
"version_value": "earlier than 8.0.0.160(C605)"
},
{
"version_value": "earlier than 8.0.0.168(C432)"
},
{
"version_value": "earlier than 8.0.0.172(C636)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Honor View 10",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.202(C567E6R1P12T8)"
}
]
}
},
{
"product_name": "Leland-AL00A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.182(C00)"
}
]
}
},
{
"product_name": "Leland-L21A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.135(C185)"
},
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L22A",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L22C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L31A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.139(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19412",
"datePublished": "2020-06-08T18:21:28",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5303 (GCVE-0-2019-5303)
Vulnerability from nvd – Published: 2020-04-27 20:01 – Updated: 2024-08-04 19:54
VLAI?
Summary
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | ALP-AL00B |
Affected:
Versions earlier than 9.1.0.333(C00E333R2P1T8)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
},
{
"product": "ALP-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.300(C432E4R1P9T8)"
}
]
},
{
"product": "ALP-L29",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.315(C636E5R1P13T8)"
}
]
},
{
"product": "BLA-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.302(C635E4R1P13T8)"
}
]
},
{
"product": "Berkeley-AL20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
},
{
"product": "Berkeley-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E3R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
}
]
},
{
"product": "Charlotte-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
}
]
},
{
"product": "Charlotte-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.325(C185E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.335(C636E3R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.336(C605E3R1P12T8)"
}
]
},
{
"product": "Columbia-AL10B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "Columbia-L29D",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
}
]
},
{
"product": "Cornell-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "Cornell-L29A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C185E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C432E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C461E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C636E2R1P12T8)"
}
]
},
{
"product": "Emily-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.336(C605E4R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E10R1P12T8)"
}
]
},
{
"product": "Emily-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C605E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C636E7R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C432E7R1P11T8)"
}
]
},
{
"product": "Ever-L29B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E3R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.131(C00E131R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.310(C185E10R2P1)"
}
]
},
{
"product": "HUAWEI Mate 20 RS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.135(C786E133R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20 X",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.135(C00E133R2P1)"
}
]
},
{
"product": "HUAWEI P20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "HUAWEI P20 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "HUAWEI P30",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.193"
}
]
},
{
"product": "HUAWEI P30 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.186(C00E180R2P1)"
}
]
},
{
"product": "HUAWEI Y9 2019",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.220(C605E3R1P1T8)"
}
]
},
{
"product": "HUAWEI nova lite 3",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.305(C635E8R2P2)"
}
]
},
{
"product": "Honor 10 Lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.283(C605E8R2P2)"
}
]
},
{
"product": "Honor 8X",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.221(C461E2R1P1T8)"
}
]
},
{
"product": "Honor View 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.238(C432E1R3P1)"
}
]
},
{
"product": "Jackman-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.247(C636E2R4P1T8)"
}
]
},
{
"product": "Paris-L21B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C432E1R1P2T8)"
}
]
},
{
"product": "Paris-L21MEB",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C185E4R1P3T8)"
}
]
},
{
"product": "Paris-L29B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C636E1R1P3T8)"
}
]
},
{
"product": "Sydney-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.212(C00E62R1P7T8)"
}
]
},
{
"product": "Sydney-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C432E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
}
]
},
{
"product": "Sydney-L21BR",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P2T8)"
}
]
},
{
"product": "Sydney-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
},
{
"product": "Sydney-L22BR",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
},
{
"product": "SydneyM-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.228(C00E78R1P7T8)"
}
]
},
{
"product": "SydneyM-L01",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C782E2R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.270(C432E3R1P1T8)"
}
]
},
{
"product": "SydneyM-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.217(C605E1R1P1T8)"
}
]
},
{
"product": "SydneyM-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.221(C461E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C432E4R1P1T8)"
}
]
},
{
"product": "SydneyM-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.259(C185E1R1P2T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.220(C635E1R1P2T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.216(C569E1R1P1T8)"
}
]
},
{
"product": "SydneyM-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.226(C605E2R1P1T8)"
}
]
},
{
"product": "Yale-L21A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C432E2R3P2)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C461E2R2P1)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C636E2R2P1)"
}
]
},
{
"product": "Honor 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.152(C00E150R5P1)"
}
]
},
{
"product": "Honor Magic2",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.0.0.187"
}
]
},
{
"product": "Honor V20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.234(C00E234R4P3)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T20:01:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
}
},
{
"product_name": "ALP-L09",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.300(C432E4R1P9T8)"
}
]
}
},
{
"product_name": "ALP-L29",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.315(C636E5R1P13T8)"
}
]
}
},
{
"product_name": "BLA-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.302(C635E4R1P13T8)"
}
]
}
},
{
"product_name": "Berkeley-AL20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
}
},
{
"product_name": "Berkeley-L09",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.350(C10E3R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
}
]
}
},
{
"product_name": "Charlotte-L09C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C185E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Charlotte-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.325(C185E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.335(C636E3R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.336(C605E3R1P12T8)"
}
]
}
},
{
"product_name": "Columbia-AL10B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "Columbia-L29D",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
}
]
}
},
{
"product_name": "Cornell-AL00A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "Cornell-L29A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.328(C185E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.328(C432E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C461E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.328(C636E2R1P12T8)"
}
]
}
},
{
"product_name": "Emily-L09C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.336(C605E4R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E10R1P12T8)"
}
]
}
},
{
"product_name": "Emily-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C605E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C636E7R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C432E7R1P11T8)"
}
]
}
},
{
"product_name": "Ever-L29B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C185E3R3P1)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.131(C00E131R3P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.310(C185E10R2P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 RS",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.135(C786E133R3P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 X",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.135(C00E133R2P1)"
}
]
}
},
{
"product_name": "HUAWEI P20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI P20 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.193"
}
]
}
},
{
"product_name": "HUAWEI P30 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.186(C00E180R2P1)"
}
]
}
},
{
"product_name": "HUAWEI Y9 2019",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.220(C605E3R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI nova lite 3",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.305(C635E8R2P2)"
}
]
}
},
{
"product_name": "Honor 10 Lite",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.283(C605E8R2P2)"
}
]
}
},
{
"product_name": "Honor 8X",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.221(C461E2R1P1T8)"
}
]
}
},
{
"product_name": "Honor View 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.238(C432E1R3P1)"
}
]
}
},
{
"product_name": "Jackman-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.247(C636E2R4P1T8)"
}
]
}
},
{
"product_name": "Paris-L21B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C432E1R1P2T8)"
}
]
}
},
{
"product_name": "Paris-L21MEB",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C185E4R1P3T8)"
}
]
}
},
{
"product_name": "Paris-L29B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C636E1R1P3T8)"
}
]
}
},
{
"product_name": "Sydney-AL00",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.212(C00E62R1P7T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Sydney-L21",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.215(C432E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
}
]
}
},
{
"product_name": "Sydney-L21BR",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P2T8)"
}
]
}
},
{
"product_name": "Sydney-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
}
},
{
"product_name": "Sydney-L22BR",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-AL00",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.228(C00E78R1P7T8)"
}
]
}
},
{
"product_name": "SydneyM-L01",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.215(C782E2R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.270(C432E3R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L03",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.217(C605E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L21",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.221(C461E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.215(C432E4R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.259(C185E1R1P2T8)"
},
{
"version_value": "Versions earlier than 9.1.0.220(C635E1R1P2T8)"
},
{
"version_value": "Versions earlier than 9.1.0.216(C569E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L23",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.226(C605E2R1P1T8)"
}
]
}
},
{
"product_name": "Yale-L21A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.154(C432E2R3P2)"
},
{
"version_value": "Versions earlier than 9.1.0.154(C461E2R2P1)"
},
{
"version_value": "Versions earlier than 9.1.0.154(C636E2R2P1)"
}
]
}
},
{
"product_name": "Honor 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.152(C00E150R5P1)"
}
]
}
},
{
"product_name": "Honor Magic2",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.187"
}
]
}
},
{
"product_name": "Honor V20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.234(C00E234R4P3)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5303",
"datePublished": "2020-04-27T20:01:02",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5302 (GCVE-0-2019-5302)
Vulnerability from nvd – Published: 2020-04-27 19:50 – Updated: 2024-08-04 19:54
VLAI?
Summary
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | Sydney-L21 |
Affected:
Versions earlier than 9.1.0.215(C432E1R1P1T8)
Affected: Versions earlier than 9.1.0.213(C185E1R1P1T8) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sydney-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C432E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
}
]
},
{
"product": "Sydney-L21BR",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P2T8)"
}
]
},
{
"product": "Sydney-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
},
{
"product": "Sydney-L22BR",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
},
{
"product": "SydneyM-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.228(C00E78R1P7T8)"
}
]
},
{
"product": "SydneyM-L01",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C782E2R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.270(C432E3R1P1T8)"
}
]
},
{
"product": "SydneyM-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.217(C605E1R1P1T8)"
}
]
},
{
"product": "SydneyM-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.221(C461E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C432E4R1P1T8)"
}
]
},
{
"product": "SydneyM-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.259(C185E1R1P2T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.220(C635E1R1P2T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.216(C569E1R1P1T8)"
}
]
},
{
"product": "SydneyM-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.226(C605E2R1P1T8)"
}
]
},
{
"product": "Yale-L21A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C432E2R3P2)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C461E2R2P1)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C636E2R2P1)"
}
]
},
{
"product": "Honor 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.152(C00E150R5P1)"
}
]
},
{
"product": "Honor Magic2",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.0.0.187"
}
]
},
{
"product": "Honor V20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.234(C00E234R4P3)"
}
]
},
{
"product": "HUAWEI Mate 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.131(C00E131R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.310(C185E10R2P1)"
}
]
},
{
"product": "HUAWEI Mate 20 RS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.135(C786E133R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20 X",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.135(C00E133R2P1)"
}
]
},
{
"product": "HUAWEI P20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "HUAWEI P20 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "HUAWEI P30",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.193"
}
]
},
{
"product": "HUAWEI P30 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.186(C00E180R2P1)"
}
]
},
{
"product": "HUAWEI Y9 2019",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.220(C605E3R1P1T8)"
}
]
},
{
"product": "HUAWEI nova lite 3",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.305(C635E8R2P2)"
}
]
},
{
"product": "Honor 10 Lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.283(C605E8R2P2)"
}
]
},
{
"product": "Honor 8X",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.221(C461E2R1P1T8)"
}
]
},
{
"product": "Honor View 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.238(C432E1R3P1)"
}
]
},
{
"product": "Jackman-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.247(C636E2R4P1T8)"
}
]
},
{
"product": "Paris-L21B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C432E1R1P2T8)"
}
]
},
{
"product": "Paris-L21MEB",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C185E4R1P3T8)"
}
]
},
{
"product": "Paris-L29B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C636E1R1P3T8)"
}
]
},
{
"product": "Sydney-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.212(C00E62R1P7T8)"
}
]
},
{
"product": "Charlotte-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.325(C185E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.335(C636E3R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.336(C605E3R1P12T8)"
}
]
},
{
"product": "Columbia-AL10B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "Columbia-L29D",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
}
]
},
{
"product": "Cornell-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "Cornell-L29A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C185E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C432E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C461E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C636E2R1P12T8)"
}
]
},
{
"product": "Emily-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.336(C605E4R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E10R1P12T8)"
}
]
},
{
"product": "Emily-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C605E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C636E7R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C432E7R1P11T8)"
}
]
},
{
"product": "Ever-L29B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E3R3P1)"
}
]
},
{
"product": "ALP-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
},
{
"product": "ALP-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.300(C432E4R1P9T8)"
}
]
},
{
"product": "ALP-L29",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.315(C636E5R1P13T8)"
}
]
},
{
"product": "BLA-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.302(C635E4R1P13T8)"
}
]
},
{
"product": "Berkeley-AL20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
},
{
"product": "Berkeley-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E3R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
}
]
},
{
"product": "Charlotte-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T19:50:50",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sydney-L21",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.215(C432E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
}
]
}
},
{
"product_name": "Sydney-L21BR",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P2T8)"
}
]
}
},
{
"product_name": "Sydney-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
}
},
{
"product_name": "Sydney-L22BR",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-AL00",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.228(C00E78R1P7T8)"
}
]
}
},
{
"product_name": "SydneyM-L01",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.215(C782E2R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.270(C432E3R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L03",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.217(C605E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L21",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.221(C461E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.215(C432E4R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.259(C185E1R1P2T8)"
},
{
"version_value": "Versions earlier than 9.1.0.220(C635E1R1P2T8)"
},
{
"version_value": "Versions earlier than 9.1.0.216(C569E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L23",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.226(C605E2R1P1T8)"
}
]
}
},
{
"product_name": "Yale-L21A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.154(C432E2R3P2)"
},
{
"version_value": "Versions earlier than 9.1.0.154(C461E2R2P1)"
},
{
"version_value": "Versions earlier than 9.1.0.154(C636E2R2P1)"
}
]
}
},
{
"product_name": "Honor 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.152(C00E150R5P1)"
}
]
}
},
{
"product_name": "Honor Magic2",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.187"
}
]
}
},
{
"product_name": "Honor V20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.234(C00E234R4P3)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.131(C00E131R3P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.310(C185E10R2P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 RS",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.135(C786E133R3P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 X",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.135(C00E133R2P1)"
}
]
}
},
{
"product_name": "HUAWEI P20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI P20 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.193"
}
]
}
},
{
"product_name": "HUAWEI P30 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.186(C00E180R2P1)"
}
]
}
},
{
"product_name": "HUAWEI Y9 2019",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.220(C605E3R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI nova lite 3",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.305(C635E8R2P2)"
}
]
}
},
{
"product_name": "Honor 10 Lite",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.283(C605E8R2P2)"
}
]
}
},
{
"product_name": "Honor 8X",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.221(C461E2R1P1T8)"
}
]
}
},
{
"product_name": "Honor View 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.238(C432E1R3P1)"
}
]
}
},
{
"product_name": "Jackman-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.247(C636E2R4P1T8)"
}
]
}
},
{
"product_name": "Paris-L21B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C432E1R1P2T8)"
}
]
}
},
{
"product_name": "Paris-L21MEB",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C185E4R1P3T8)"
}
]
}
},
{
"product_name": "Paris-L29B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C636E1R1P3T8)"
}
]
}
},
{
"product_name": "Sydney-AL00",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.212(C00E62R1P7T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Charlotte-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.325(C185E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.335(C636E3R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.336(C605E3R1P12T8)"
}
]
}
},
{
"product_name": "Columbia-AL10B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "Columbia-L29D",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
}
]
}
},
{
"product_name": "Cornell-AL00A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "Cornell-L29A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.328(C185E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.328(C432E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C461E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.328(C636E2R1P12T8)"
}
]
}
},
{
"product_name": "Emily-L09C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.336(C605E4R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E10R1P12T8)"
}
]
}
},
{
"product_name": "Emily-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C605E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C636E7R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C432E7R1P11T8)"
}
]
}
},
{
"product_name": "Ever-L29B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C185E3R3P1)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
}
},
{
"product_name": "ALP-L09",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.300(C432E4R1P9T8)"
}
]
}
},
{
"product_name": "ALP-L29",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.315(C636E5R1P13T8)"
}
]
}
},
{
"product_name": "BLA-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.302(C635E4R1P13T8)"
}
]
}
},
{
"product_name": "Berkeley-AL20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
}
},
{
"product_name": "Berkeley-L09",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.350(C10E3R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
}
]
}
},
{
"product_name": "Charlotte-L09C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C185E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5302",
"datePublished": "2020-04-27T19:50:50",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5235 (GCVE-0-2019-5235)
Vulnerability from nvd – Published: 2019-12-13 23:09 – Updated: 2024-08-04 19:47
VLAI?
Summary
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
Severity ?
No CVSS data available.
CWE
- null pointer dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B |
Affected:
Version
Affected: 9.1.0.206(C00E205R3P1) Affected: 9.0.1.5(C735R1) Affected: 9.1.0.1(C00R3) Affected: 9.1.0.206 Affected: 9.0.1.162(C01E160R2P3) Affected: 8.2.0.170(C861) Affected: 8.2.0.188(C00R2P1) Affected: 8.2.0.163(C605) Affected: 8.2.0.160(C185) Affected: 8.2.0.156(C636R2P2) Affected: 8.2.0.152(C45CUSTC45D1) Affected: 8.2.0.162(C605) Affected: 8.2.0.175(C00R2P4) Affected: 8.2.0.190(C788R1P16) Affected: 8.2.0.161(C675CUSTC675D1) Affected: 8.2.0.165(C00R1P16) Affected: 8.2.0.130(C461R1P1) Affected: 8.2.0.130(C652CUSTC652D1) Affected: 8.2.0.131(C10R2P2) Affected: 8.2.0.136(C432CUSTC432D1) Affected: 8.2.0.101(C10CUSTC10D1) Affected: 8.2.0.101(C432CUSTC432D1) Affected: 8.2.0.131(C55CUSTC55D1) Affected: 8.2.0.105(C185R1P1) Affected: 8.2.0.107(C636R2P1) Affected: 8.2.0.103(C652CUSTC652D1) Affected: 8.2.0.105(C185R2P1) Affected: 8.2.0.130(C636CUSTC636D2) Affected: 8.2.0.133(C605CUSTC605D1) Affected: 8.2.0.155(C675R2P1) Affected: 8.2.0.110(C652CUSTC652D1) Affected: 8.2.0.100(C541CUSTC541D1) Affected: 8.2.0.165(C01R1P16) Affected: 9.1.0.208(C00E205R3P1) Affected: 9.1.0.162(C00E160R2P1) Affected: 9.1.0.12(C00R1) Affected: 9.1.0.4(C735R1) Affected: 9.1.0.162 Affected: 9.1.0.161 Affected: 9.1.0.162(C01E160R2P1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version"
},
{
"status": "affected",
"version": "9.1.0.206(C00E205R3P1)"
},
{
"status": "affected",
"version": "9.0.1.5(C735R1)"
},
{
"status": "affected",
"version": "9.1.0.1(C00R3)"
},
{
"status": "affected",
"version": "9.1.0.206"
},
{
"status": "affected",
"version": "9.0.1.162(C01E160R2P3)"
},
{
"status": "affected",
"version": "8.2.0.170(C861)"
},
{
"status": "affected",
"version": "8.2.0.188(C00R2P1)"
},
{
"status": "affected",
"version": "8.2.0.163(C605)"
},
{
"status": "affected",
"version": "8.2.0.160(C185)"
},
{
"status": "affected",
"version": "8.2.0.156(C636R2P2)"
},
{
"status": "affected",
"version": "8.2.0.152(C45CUSTC45D1)"
},
{
"status": "affected",
"version": "8.2.0.162(C605)"
},
{
"status": "affected",
"version": "8.2.0.175(C00R2P4)"
},
{
"status": "affected",
"version": "8.2.0.190(C788R1P16)"
},
{
"status": "affected",
"version": "8.2.0.161(C675CUSTC675D1)"
},
{
"status": "affected",
"version": "8.2.0.165(C00R1P16)"
},
{
"status": "affected",
"version": "8.2.0.130(C461R1P1)"
},
{
"status": "affected",
"version": "8.2.0.130(C652CUSTC652D1)"
},
{
"status": "affected",
"version": "8.2.0.131(C10R2P2)"
},
{
"status": "affected",
"version": "8.2.0.136(C432CUSTC432D1)"
},
{
"status": "affected",
"version": "8.2.0.101(C10CUSTC10D1)"
},
{
"status": "affected",
"version": "8.2.0.101(C432CUSTC432D1)"
},
{
"status": "affected",
"version": "8.2.0.131(C55CUSTC55D1)"
},
{
"status": "affected",
"version": "8.2.0.105(C185R1P1)"
},
{
"status": "affected",
"version": "8.2.0.107(C636R2P1)"
},
{
"status": "affected",
"version": "8.2.0.103(C652CUSTC652D1)"
},
{
"status": "affected",
"version": "8.2.0.105(C185R2P1)"
},
{
"status": "affected",
"version": "8.2.0.130(C636CUSTC636D2)"
},
{
"status": "affected",
"version": "8.2.0.133(C605CUSTC605D1)"
},
{
"status": "affected",
"version": "8.2.0.155(C675R2P1)"
},
{
"status": "affected",
"version": "8.2.0.110(C652CUSTC652D1)"
},
{
"status": "affected",
"version": "8.2.0.100(C541CUSTC541D1)"
},
{
"status": "affected",
"version": "8.2.0.165(C01R1P16)"
},
{
"status": "affected",
"version": "9.1.0.208(C00E205R3P1)"
},
{
"status": "affected",
"version": "9.1.0.162(C00E160R2P1)"
},
{
"status": "affected",
"version": "9.1.0.12(C00R1)"
},
{
"status": "affected",
"version": "9.1.0.4(C735R1)"
},
{
"status": "affected",
"version": "9.1.0.162"
},
{
"status": "affected",
"version": "9.1.0.161"
},
{
"status": "affected",
"version": "9.1.0.162(C01E160R2P1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "null pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T23:09:32",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B",
"version": {
"version_data": [
{
"version_value": "Version"
},
{
"version_value": "9.1.0.206(C00E205R3P1)"
},
{
"version_value": "9.0.1.5(C735R1)"
},
{
"version_value": "9.1.0.1(C00R3)"
},
{
"version_value": "9.1.0.206(C00E205R3P1)"
},
{
"version_value": "9.1.0.206"
},
{
"version_value": "9.0.1.162(C01E160R2P3)"
},
{
"version_value": "8.2.0.170(C861)"
},
{
"version_value": "8.2.0.188(C00R2P1)"
},
{
"version_value": "8.2.0.163(C605)"
},
{
"version_value": "8.2.0.160(C185)"
},
{
"version_value": "8.2.0.156(C636R2P2)"
},
{
"version_value": "8.2.0.152(C45CUSTC45D1)"
},
{
"version_value": "8.2.0.162(C605)"
},
{
"version_value": "8.2.0.175(C00R2P4)"
},
{
"version_value": "8.2.0.190(C788R1P16)"
},
{
"version_value": "8.2.0.161(C675CUSTC675D1)"
},
{
"version_value": "8.2.0.165(C00R1P16)"
},
{
"version_value": "8.2.0.130(C461R1P1)"
},
{
"version_value": "8.2.0.130(C652CUSTC652D1)"
},
{
"version_value": "8.2.0.131(C10R2P2)"
},
{
"version_value": "8.2.0.136(C432CUSTC432D1)"
},
{
"version_value": "8.2.0.101(C10CUSTC10D1)"
},
{
"version_value": "8.2.0.101(C432CUSTC432D1)"
},
{
"version_value": "8.2.0.131(C55CUSTC55D1)"
},
{
"version_value": "8.2.0.105(C185R1P1)"
},
{
"version_value": "8.2.0.107(C636R2P1)"
},
{
"version_value": "8.2.0.103(C652CUSTC652D1)"
},
{
"version_value": "8.2.0.105(C185R2P1)"
},
{
"version_value": "8.2.0.107(C636R2P1)"
},
{
"version_value": "8.2.0.130(C636CUSTC636D2)"
},
{
"version_value": "8.2.0.133(C605CUSTC605D1)"
},
{
"version_value": "8.2.0.155(C675R2P1)"
},
{
"version_value": "8.2.0.155(C675R2P1)"
},
{
"version_value": "8.2.0.110(C652CUSTC652D1)"
},
{
"version_value": "8.2.0.155(C675R2P1)"
},
{
"version_value": "8.2.0.100(C541CUSTC541D1)"
},
{
"version_value": "8.2.0.165(C01R1P16)"
},
{
"version_value": "8.2.0.100(C541CUSTC541D1)"
},
{
"version_value": "9.1.0.208(C00E205R3P1)"
},
{
"version_value": "9.1.0.208(C00E205R3P1)"
},
{
"version_value": "9.1.0.162(C00E160R2P1)"
},
{
"version_value": "9.1.0.12(C00R1)"
},
{
"version_value": "9.1.0.4(C735R1)"
},
{
"version_value": "9.1.0.162(C00E160R2P1)"
},
{
"version_value": "9.1.0.12(C00R1)"
},
{
"version_value": "9.1.0.162"
},
{
"version_value": "9.1.0.161"
},
{
"version_value": "9.1.0.162(C01E160R2P1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "null pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5235",
"datePublished": "2019-12-13T23:09:32",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2215 (GCVE-0-2019-2215)
Vulnerability from nvd – Published: 2019-10-11 18:16 – Updated: 2025-10-21 23:45
VLAI?
Summary
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Severity ?
7.8 (High)
CWE
- Elevation of privilege
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:42:50.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-10-01"
},
{
"name": "20191018 CVE 2019-2215 Android Binder Use After Free",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/38"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4186-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-2215",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:04:20.328785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:29.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2019-2215 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T19:06:43.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-10-01"
},
{
"name": "20191018 CVE 2019-2215 Android Binder Use After Free",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/38"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4186-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2019-2215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-10-01"
},
{
"name": "20191018 CVE 2019-2215 Android Binder Use After Free",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/38"
},
{
"name": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4186-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-2215",
"datePublished": "2019-10-11T18:16:48.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:29.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9506 (GCVE-0-2019-9506)
Vulnerability from nvd – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
VLAI?
Title
Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
Summary
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Severity ?
7.6 (High)
CWE
- CWE-310 - Cryptographic Issues
Assigner
References
Credits
Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#918987",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"N/A"
],
"product": "BR/EDR",
"vendor": "Bluetooth",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
}
],
"datePublic": "2019-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310 Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-30T10:06:23",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#918987",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
],
"source": {
"advisory": "VU#918987",
"defect": [
"VU#918987"
],
"discovery": "EXTERNAL"
},
"title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
"workarounds": [
{
"lang": "en",
"value": "Bluetooth SIG Expedited Errata Correction 11838"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "KNOB",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-08-14",
"ID": "CVE-2019-9506",
"STATE": "PUBLIC",
"TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BR/EDR",
"version": {
"version_data": [
{
"platform": "N/A",
"version_affected": "\u003c=",
"version_name": "5.1",
"version_value": "5.1"
}
]
}
}
]
},
"vendor_name": "Bluetooth"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310 Cryptographic Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#918987",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
"refsource": "MISC",
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
"refsource": "CONFIRM",
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
]
},
"source": {
"advisory": "VU#918987",
"defect": [
"VU#918987"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Bluetooth SIG Expedited Errata Correction 11838"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9506",
"datePublished": "2019-08-14T16:27:45.059869Z",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-09-16T19:14:13.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7910 (GCVE-0-2018-7910)
Vulnerability from nvd – Published: 2018-11-13 19:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.
Severity ?
No CVSS data available.
CWE
- authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C |
Affected:
ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)"
}
]
}
],
"datePublic": "2018-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user\u0027s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-13T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C",
"version": {
"version_data": [
{
"version_value": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user\u0027s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7910",
"datePublished": "2018-11-13T19:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7911 (GCVE-0-2018-7911)
Vulnerability from nvd – Published: 2018-10-23 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
Severity ?
No CVSS data available.
CWE
- FRP bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A, |
Affected:
ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A,",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-23T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A,",
"version": {
"version_data": [
{
"version_value": "ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7911",
"datePublished": "2018-10-23T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7901 (GCVE-0-2018-7901)
Vulnerability from nvd – Published: 2018-04-30 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely.
Severity ?
No CVSS data available.
CWE
- remote control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | ALP-AL00B, BLA-AL00B |
Affected:
ALP-AL00B, earlier versions than 8.0.0.129, BLA-AL00B, earlier versions than 8.0.0.129
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B, BLA-AL00B",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "ALP-AL00B, earlier versions than 8.0.0.129, BLA-AL00B, earlier versions than 8.0.0.129"
}
]
}
],
"datePublic": "2018-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-30T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B, BLA-AL00B",
"version": {
"version_data": [
{
"version_value": "ALP-AL00B, earlier versions than 8.0.0.129, BLA-AL00B, earlier versions than 8.0.0.129"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7901",
"datePublished": "2018-04-30T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19412 (GCVE-0-2019-19412)
Vulnerability from cvelistv5 – Published: 2020-06-08 18:21 – Updated: 2024-08-05 02:16
VLAI?
Summary
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.
Severity ?
No CVSS data available.
CWE
- FRP Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | ALP-AL00B |
Affected:
earlier than 9.0.0.181(C00E87R2P20T8)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.181(C00E87R2P20T8)"
}
]
},
{
"product": "ALP-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.201(C432E4R1P9)"
}
]
},
{
"product": "ALP-L29",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.195(C636E2R1P12)"
}
]
},
{
"product": "Anne-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.168(C00)"
}
]
},
{
"product": "BLA-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.181(C00E88R2P15T8)"
}
]
},
{
"product": "BLA-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.177(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.206(C432E4R1P11)"
}
]
},
{
"product": "BLA-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.179(C576E2R1P7T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.194(C185E2R1P13)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.206(C432E4R1P11)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.210(C635E4R1P13)"
}
]
},
{
"product": "Berkeley-AL20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.156(C00E156R2P14T8)"
}
]
},
{
"product": "Berkeley-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.172(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.173(C636)"
}
]
},
{
"product": "Emily-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.159(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.159(C461E2R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.160(C432E7R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.165(C605E2R1P12)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.168(C636E7R1P13T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.168(C782E3R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.196(C635E2R1P11T8)"
}
]
},
{
"product": "Figo-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "Figo-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.130(C635E6R1P5T8)"
}
]
},
{
"product": "Figo-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "Figo-L31",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C432E8R1P5T8)"
}
]
},
{
"product": "Florida-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.121(C605E5R1P1T8)"
}
]
},
{
"product": "Florida-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.129(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.131(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.132(C185)"
}
]
},
{
"product": "Florida-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.132(C636)"
}
]
},
{
"product": "Florida-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.144(C605)"
}
]
},
{
"product": "HUAWEI P smart",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "HUAWEI P smart,HUAWEI Y7s",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.124(C636E6R1P5T8)"
}
]
},
{
"product": "HUAWEI P20 lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.148(C635)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.155(C185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.155(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.156(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.157(C432)"
}
]
},
{
"product": "HUAWEI nova 3e,HUAWEI P20 lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.147(C461)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.148(ZAFC185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.160(C185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.160(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.168(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.172(C636)"
}
]
},
{
"product": "Honor View 10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.202(C567E6R1P12T8)"
}
]
},
{
"product": "Leland-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.182(C00)"
}
]
},
{
"product": "Leland-L21A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.135(C185)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L22A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L22C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L31A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.139(C432)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T15:29:39",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.181(C00E87R2P20T8)"
}
]
}
},
{
"product_name": "ALP-L09",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.201(C432E4R1P9)"
}
]
}
},
{
"product_name": "ALP-L29",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "earlier than 9.0.0.195(C636E2R1P12)"
}
]
}
},
{
"product_name": "Anne-AL00",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.168(C00)"
}
]
}
},
{
"product_name": "BLA-AL00B",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.181(C00E88R2P15T8)"
}
]
}
},
{
"product_name": "BLA-L09C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.177(C185E2R1P13T8)"
},
{
"version_value": "earlier than 9.0.0.206(C432E4R1P11)"
}
]
}
},
{
"product_name": "BLA-L29C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.179(C576E2R1P7T8)"
},
{
"version_value": "earlier than 9.0.0.194(C185E2R1P13)"
},
{
"version_value": "earlier than 9.0.0.206(C432E4R1P11)"
},
{
"version_value": "earlier than 9.0.0.210(C635E4R1P13)"
}
]
}
},
{
"product_name": "Berkeley-AL20",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.156(C00E156R2P14T8)"
}
]
}
},
{
"product_name": "Berkeley-L09",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.172(C432)"
},
{
"version_value": "earlier than 8.0.0.173(C636)"
}
]
}
},
{
"product_name": "Emily-L29C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.159(C185E2R1P12T8)"
},
{
"version_value": "earlier than 9.0.0.159(C461E2R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.160(C432E7R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.165(C605E2R1P12)"
},
{
"version_value": "earlier than 9.0.0.168(C636E7R1P13T8)"
},
{
"version_value": "earlier than 9.0.0.168(C782E3R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.196(C635E2R1P11T8)"
}
]
}
},
{
"product_name": "Figo-L03",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Figo-L21",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"version_value": "earlier than 9.1.0.130(C635E6R1P5T8)"
}
]
}
},
{
"product_name": "Figo-L23",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
},
{
"product_name": "Figo-L31",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C432E8R1P5T8)"
}
]
}
},
{
"product_name": "Florida-L03",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.121(C605E5R1P1T8)"
}
]
}
},
{
"product_name": "Florida-L21",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.129(C605)"
},
{
"version_value": "earlier than 8.0.0.131(C432)"
},
{
"version_value": "earlier than 8.0.0.132(C185)"
}
]
}
},
{
"product_name": "Florida-L22",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.132(C636)"
}
]
}
},
{
"product_name": "Florida-L23",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.144(C605)"
}
]
}
},
{
"product_name": "HUAWEI P smart",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
},
{
"product_name": "HUAWEI P smart,HUAWEI Y7s",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.124(C636E6R1P5T8)"
}
]
}
},
{
"product_name": "HUAWEI P20 lite",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.148(C635)"
},
{
"version_value": "earlier than 8.0.0.155(C185)"
},
{
"version_value": "earlier than 8.0.0.155(C605)"
},
{
"version_value": "earlier than 8.0.0.156(C605)"
},
{
"version_value": "earlier than 8.0.0.157(C432)"
}
]
}
},
{
"product_name": "HUAWEI nova 3e,HUAWEI P20 lite",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.147(C461)"
},
{
"version_value": "earlier than 8.0.0.148(ZAFC185)"
},
{
"version_value": "earlier than 8.0.0.160(C185)"
},
{
"version_value": "earlier than 8.0.0.160(C605)"
},
{
"version_value": "earlier than 8.0.0.168(C432)"
},
{
"version_value": "earlier than 8.0.0.172(C636)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Honor View 10",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.202(C567E6R1P12T8)"
}
]
}
},
{
"product_name": "Leland-AL00A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.182(C00)"
}
]
}
},
{
"product_name": "Leland-L21A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.135(C185)"
},
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L22A",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L22C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L31A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.139(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19412",
"datePublished": "2020-06-08T18:21:28",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5303 (GCVE-0-2019-5303)
Vulnerability from cvelistv5 – Published: 2020-04-27 20:01 – Updated: 2024-08-04 19:54
VLAI?
Summary
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | ALP-AL00B |
Affected:
Versions earlier than 9.1.0.333(C00E333R2P1T8)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
},
{
"product": "ALP-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.300(C432E4R1P9T8)"
}
]
},
{
"product": "ALP-L29",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.315(C636E5R1P13T8)"
}
]
},
{
"product": "BLA-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.302(C635E4R1P13T8)"
}
]
},
{
"product": "Berkeley-AL20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
},
{
"product": "Berkeley-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E3R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
}
]
},
{
"product": "Charlotte-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
}
]
},
{
"product": "Charlotte-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.325(C185E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.335(C636E3R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.336(C605E3R1P12T8)"
}
]
},
{
"product": "Columbia-AL10B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "Columbia-L29D",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
}
]
},
{
"product": "Cornell-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "Cornell-L29A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C185E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C432E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C461E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C636E2R1P12T8)"
}
]
},
{
"product": "Emily-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.336(C605E4R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E10R1P12T8)"
}
]
},
{
"product": "Emily-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C605E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C636E7R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C432E7R1P11T8)"
}
]
},
{
"product": "Ever-L29B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E3R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.131(C00E131R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.310(C185E10R2P1)"
}
]
},
{
"product": "HUAWEI Mate 20 RS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.135(C786E133R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20 X",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.135(C00E133R2P1)"
}
]
},
{
"product": "HUAWEI P20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "HUAWEI P20 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "HUAWEI P30",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.193"
}
]
},
{
"product": "HUAWEI P30 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.186(C00E180R2P1)"
}
]
},
{
"product": "HUAWEI Y9 2019",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.220(C605E3R1P1T8)"
}
]
},
{
"product": "HUAWEI nova lite 3",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.305(C635E8R2P2)"
}
]
},
{
"product": "Honor 10 Lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.283(C605E8R2P2)"
}
]
},
{
"product": "Honor 8X",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.221(C461E2R1P1T8)"
}
]
},
{
"product": "Honor View 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.238(C432E1R3P1)"
}
]
},
{
"product": "Jackman-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.247(C636E2R4P1T8)"
}
]
},
{
"product": "Paris-L21B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C432E1R1P2T8)"
}
]
},
{
"product": "Paris-L21MEB",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C185E4R1P3T8)"
}
]
},
{
"product": "Paris-L29B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C636E1R1P3T8)"
}
]
},
{
"product": "Sydney-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.212(C00E62R1P7T8)"
}
]
},
{
"product": "Sydney-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C432E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
}
]
},
{
"product": "Sydney-L21BR",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P2T8)"
}
]
},
{
"product": "Sydney-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
},
{
"product": "Sydney-L22BR",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
},
{
"product": "SydneyM-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.228(C00E78R1P7T8)"
}
]
},
{
"product": "SydneyM-L01",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C782E2R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.270(C432E3R1P1T8)"
}
]
},
{
"product": "SydneyM-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.217(C605E1R1P1T8)"
}
]
},
{
"product": "SydneyM-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.221(C461E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C432E4R1P1T8)"
}
]
},
{
"product": "SydneyM-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.259(C185E1R1P2T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.220(C635E1R1P2T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.216(C569E1R1P1T8)"
}
]
},
{
"product": "SydneyM-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.226(C605E2R1P1T8)"
}
]
},
{
"product": "Yale-L21A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C432E2R3P2)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C461E2R2P1)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C636E2R2P1)"
}
]
},
{
"product": "Honor 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.152(C00E150R5P1)"
}
]
},
{
"product": "Honor Magic2",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.0.0.187"
}
]
},
{
"product": "Honor V20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.234(C00E234R4P3)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T20:01:02",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
}
},
{
"product_name": "ALP-L09",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.300(C432E4R1P9T8)"
}
]
}
},
{
"product_name": "ALP-L29",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.315(C636E5R1P13T8)"
}
]
}
},
{
"product_name": "BLA-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.302(C635E4R1P13T8)"
}
]
}
},
{
"product_name": "Berkeley-AL20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
}
},
{
"product_name": "Berkeley-L09",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.350(C10E3R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
}
]
}
},
{
"product_name": "Charlotte-L09C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C185E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Charlotte-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.325(C185E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.335(C636E3R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.336(C605E3R1P12T8)"
}
]
}
},
{
"product_name": "Columbia-AL10B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "Columbia-L29D",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
}
]
}
},
{
"product_name": "Cornell-AL00A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "Cornell-L29A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.328(C185E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.328(C432E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C461E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.328(C636E2R1P12T8)"
}
]
}
},
{
"product_name": "Emily-L09C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.336(C605E4R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E10R1P12T8)"
}
]
}
},
{
"product_name": "Emily-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C605E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C636E7R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C432E7R1P11T8)"
}
]
}
},
{
"product_name": "Ever-L29B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C185E3R3P1)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.131(C00E131R3P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.310(C185E10R2P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 RS",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.135(C786E133R3P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 X",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.135(C00E133R2P1)"
}
]
}
},
{
"product_name": "HUAWEI P20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI P20 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.193"
}
]
}
},
{
"product_name": "HUAWEI P30 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.186(C00E180R2P1)"
}
]
}
},
{
"product_name": "HUAWEI Y9 2019",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.220(C605E3R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI nova lite 3",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.305(C635E8R2P2)"
}
]
}
},
{
"product_name": "Honor 10 Lite",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.283(C605E8R2P2)"
}
]
}
},
{
"product_name": "Honor 8X",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.221(C461E2R1P1T8)"
}
]
}
},
{
"product_name": "Honor View 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.238(C432E1R3P1)"
}
]
}
},
{
"product_name": "Jackman-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.247(C636E2R4P1T8)"
}
]
}
},
{
"product_name": "Paris-L21B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C432E1R1P2T8)"
}
]
}
},
{
"product_name": "Paris-L21MEB",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C185E4R1P3T8)"
}
]
}
},
{
"product_name": "Paris-L29B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C636E1R1P3T8)"
}
]
}
},
{
"product_name": "Sydney-AL00",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.212(C00E62R1P7T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Sydney-L21",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.215(C432E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
}
]
}
},
{
"product_name": "Sydney-L21BR",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P2T8)"
}
]
}
},
{
"product_name": "Sydney-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
}
},
{
"product_name": "Sydney-L22BR",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-AL00",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.228(C00E78R1P7T8)"
}
]
}
},
{
"product_name": "SydneyM-L01",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.215(C782E2R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.270(C432E3R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L03",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.217(C605E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L21",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.221(C461E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.215(C432E4R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.259(C185E1R1P2T8)"
},
{
"version_value": "Versions earlier than 9.1.0.220(C635E1R1P2T8)"
},
{
"version_value": "Versions earlier than 9.1.0.216(C569E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L23",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.226(C605E2R1P1T8)"
}
]
}
},
{
"product_name": "Yale-L21A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.154(C432E2R3P2)"
},
{
"version_value": "Versions earlier than 9.1.0.154(C461E2R2P1)"
},
{
"version_value": "Versions earlier than 9.1.0.154(C636E2R2P1)"
}
]
}
},
{
"product_name": "Honor 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.152(C00E150R5P1)"
}
]
}
},
{
"product_name": "Honor Magic2",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.187"
}
]
}
},
{
"product_name": "Honor V20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.234(C00E234R4P3)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5303",
"datePublished": "2020-04-27T20:01:02",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:53.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5302 (GCVE-0-2019-5302)
Vulnerability from cvelistv5 – Published: 2020-04-27 19:50 – Updated: 2024-08-04 19:54
VLAI?
Summary
There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | Sydney-L21 |
Affected:
Versions earlier than 9.1.0.215(C432E1R1P1T8)
Affected: Versions earlier than 9.1.0.213(C185E1R1P1T8) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sydney-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C432E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
}
]
},
{
"product": "Sydney-L21BR",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P2T8)"
}
]
},
{
"product": "Sydney-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
},
{
"product": "Sydney-L22BR",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
},
{
"product": "SydneyM-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.228(C00E78R1P7T8)"
}
]
},
{
"product": "SydneyM-L01",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C782E2R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.270(C432E3R1P1T8)"
}
]
},
{
"product": "SydneyM-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.217(C605E1R1P1T8)"
}
]
},
{
"product": "SydneyM-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.221(C461E1R1P1T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.215(C432E4R1P1T8)"
}
]
},
{
"product": "SydneyM-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.259(C185E1R1P2T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.220(C635E1R1P2T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.216(C569E1R1P1T8)"
}
]
},
{
"product": "SydneyM-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.226(C605E2R1P1T8)"
}
]
},
{
"product": "Yale-L21A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C432E2R3P2)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C461E2R2P1)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.154(C636E2R2P1)"
}
]
},
{
"product": "Honor 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.152(C00E150R5P1)"
}
]
},
{
"product": "Honor Magic2",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.0.0.187"
}
]
},
{
"product": "Honor V20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.234(C00E234R4P3)"
}
]
},
{
"product": "HUAWEI Mate 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.131(C00E131R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.310(C185E10R2P1)"
}
]
},
{
"product": "HUAWEI Mate 20 RS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.135(C786E133R3P1)"
}
]
},
{
"product": "HUAWEI Mate 20 X",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.135(C00E133R2P1)"
}
]
},
{
"product": "HUAWEI P20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "HUAWEI P20 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "HUAWEI P30",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.193"
}
]
},
{
"product": "HUAWEI P30 Pro",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.186(C00E180R2P1)"
}
]
},
{
"product": "HUAWEI Y9 2019",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.220(C605E3R1P1T8)"
}
]
},
{
"product": "HUAWEI nova lite 3",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.305(C635E8R2P2)"
}
]
},
{
"product": "Honor 10 Lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.283(C605E8R2P2)"
}
]
},
{
"product": "Honor 8X",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.221(C461E2R1P1T8)"
}
]
},
{
"product": "Honor View 20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.238(C432E1R3P1)"
}
]
},
{
"product": "Jackman-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.247(C636E2R4P1T8)"
}
]
},
{
"product": "Paris-L21B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C432E1R1P2T8)"
}
]
},
{
"product": "Paris-L21MEB",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C185E4R1P3T8)"
}
]
},
{
"product": "Paris-L29B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.331(C636E1R1P3T8)"
}
]
},
{
"product": "Sydney-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.212(C00E62R1P7T8)"
}
]
},
{
"product": "Charlotte-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.325(C185E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.335(C636E3R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.336(C605E3R1P12T8)"
}
]
},
{
"product": "Columbia-AL10B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "Columbia-L29D",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
}
]
},
{
"product": "Cornell-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
},
{
"product": "Cornell-L29A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C185E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C432E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C461E1R1P9T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.328(C636E2R1P12T8)"
}
]
},
{
"product": "Emily-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.336(C605E4R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E10R1P12T8)"
}
]
},
{
"product": "Emily-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C605E2R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C636E7R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C432E7R1P11T8)"
}
]
},
{
"product": "Ever-L29B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E3R3P1)"
}
]
},
{
"product": "ALP-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
},
{
"product": "ALP-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.300(C432E4R1P9T8)"
}
]
},
{
"product": "ALP-L29",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.315(C636E5R1P13T8)"
}
]
},
{
"product": "BLA-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.302(C635E4R1P13T8)"
}
]
},
{
"product": "Berkeley-AL20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
},
{
"product": "Berkeley-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C10E3R1P14T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
}
]
},
{
"product": "Charlotte-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 9.1.0.311(C185E4R1P11T8)"
},
{
"status": "affected",
"version": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-27T19:50:50",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sydney-L21",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.215(C432E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
}
]
}
},
{
"product_name": "Sydney-L21BR",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P2T8)"
}
]
}
},
{
"product_name": "Sydney-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
}
},
{
"product_name": "Sydney-L22BR",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.258(C636E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-AL00",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.228(C00E78R1P7T8)"
}
]
}
},
{
"product_name": "SydneyM-L01",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.215(C782E2R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.213(C185E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.270(C432E3R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L03",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.217(C605E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L21",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.221(C461E1R1P1T8)"
},
{
"version_value": "Versions earlier than 9.1.0.215(C432E4R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.259(C185E1R1P2T8)"
},
{
"version_value": "Versions earlier than 9.1.0.220(C635E1R1P2T8)"
},
{
"version_value": "Versions earlier than 9.1.0.216(C569E1R1P1T8)"
}
]
}
},
{
"product_name": "SydneyM-L23",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.226(C605E2R1P1T8)"
}
]
}
},
{
"product_name": "Yale-L21A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.154(C432E2R3P2)"
},
{
"version_value": "Versions earlier than 9.1.0.154(C461E2R2P1)"
},
{
"version_value": "Versions earlier than 9.1.0.154(C636E2R2P1)"
}
]
}
},
{
"product_name": "Honor 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.152(C00E150R5P1)"
}
]
}
},
{
"product_name": "Honor Magic2",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.0.0.187"
}
]
}
},
{
"product_name": "Honor V20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.234(C00E234R4P3)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "HUAWEI Mate 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.131(C00E131R3P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.310(C185E10R2P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 RS",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.135(C786E133R3P1)"
}
]
}
},
{
"product_name": "HUAWEI Mate 20 X",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.135(C00E133R2P1)"
}
]
}
},
{
"product_name": "HUAWEI P20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI P20 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI P30",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.193"
}
]
}
},
{
"product_name": "HUAWEI P30 Pro",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.186(C00E180R2P1)"
}
]
}
},
{
"product_name": "HUAWEI Y9 2019",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.220(C605E3R1P1T8)"
}
]
}
},
{
"product_name": "HUAWEI nova lite 3",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.305(C635E8R2P2)"
}
]
}
},
{
"product_name": "Honor 10 Lite",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.283(C605E8R2P2)"
}
]
}
},
{
"product_name": "Honor 8X",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.221(C461E2R1P1T8)"
}
]
}
},
{
"product_name": "Honor View 20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.238(C432E1R3P1)"
}
]
}
},
{
"product_name": "Jackman-L22",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.247(C636E2R4P1T8)"
}
]
}
},
{
"product_name": "Paris-L21B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C432E1R1P2T8)"
}
]
}
},
{
"product_name": "Paris-L21MEB",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C185E4R1P3T8)"
}
]
}
},
{
"product_name": "Paris-L29B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.331(C636E1R1P3T8)"
}
]
}
},
{
"product_name": "Sydney-AL00",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.212(C00E62R1P7T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Charlotte-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.325(C185E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.335(C636E3R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.336(C605E3R1P12T8)"
}
]
}
},
{
"product_name": "Columbia-AL10B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "Columbia-L29D",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.350(C461E3R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C185E3R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C10E5R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
}
]
}
},
{
"product_name": "Cornell-AL00A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R1P1T8)"
}
]
}
},
{
"product_name": "Cornell-L29A",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.328(C185E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.328(C432E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C461E1R1P9T8)"
},
{
"version_value": "Versions earlier than 9.1.0.328(C636E2R1P12T8)"
}
]
}
},
{
"product_name": "Emily-L09C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.336(C605E4R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C185E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E10R1P12T8)"
}
]
}
},
{
"product_name": "Emily-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C605E2R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C636E7R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.311(C432E7R1P11T8)"
}
]
}
},
{
"product_name": "Ever-L29B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C185E3R3P1)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
}
},
{
"product_name": "ALP-L09",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.300(C432E4R1P9T8)"
}
]
}
},
{
"product_name": "ALP-L29",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.315(C636E5R1P13T8)"
}
]
}
},
{
"product_name": "BLA-L29C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.321(C636E4R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.330(C432E6R1P12T8)"
},
{
"version_value": "Versions earlier than 9.1.0.302(C635E4R1P13T8)"
}
]
}
},
{
"product_name": "Berkeley-AL20",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.333(C00E333R2P1T8)"
}
]
}
},
{
"product_name": "Berkeley-L09",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.350(C10E3R1P14T8)"
},
{
"version_value": "Versions earlier than 9.1.0.351(C432E5R1P13T8)"
},
{
"version_value": "Versions earlier than 9.1.0.350(C636E4R1P13T8)"
}
]
}
},
{
"product_name": "Charlotte-L09C",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 9.1.0.311(C185E4R1P11T8)"
},
{
"version_value": "Versions earlier than 9.1.0.345(C432E8R1P11T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5302",
"datePublished": "2020-04-27T19:50:50",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5235 (GCVE-0-2019-5235)
Vulnerability from cvelistv5 – Published: 2019-12-13 23:09 – Updated: 2024-08-04 19:47
VLAI?
Summary
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
Severity ?
No CVSS data available.
CWE
- null pointer dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B |
Affected:
Version
Affected: 9.1.0.206(C00E205R3P1) Affected: 9.0.1.5(C735R1) Affected: 9.1.0.1(C00R3) Affected: 9.1.0.206 Affected: 9.0.1.162(C01E160R2P3) Affected: 8.2.0.170(C861) Affected: 8.2.0.188(C00R2P1) Affected: 8.2.0.163(C605) Affected: 8.2.0.160(C185) Affected: 8.2.0.156(C636R2P2) Affected: 8.2.0.152(C45CUSTC45D1) Affected: 8.2.0.162(C605) Affected: 8.2.0.175(C00R2P4) Affected: 8.2.0.190(C788R1P16) Affected: 8.2.0.161(C675CUSTC675D1) Affected: 8.2.0.165(C00R1P16) Affected: 8.2.0.130(C461R1P1) Affected: 8.2.0.130(C652CUSTC652D1) Affected: 8.2.0.131(C10R2P2) Affected: 8.2.0.136(C432CUSTC432D1) Affected: 8.2.0.101(C10CUSTC10D1) Affected: 8.2.0.101(C432CUSTC432D1) Affected: 8.2.0.131(C55CUSTC55D1) Affected: 8.2.0.105(C185R1P1) Affected: 8.2.0.107(C636R2P1) Affected: 8.2.0.103(C652CUSTC652D1) Affected: 8.2.0.105(C185R2P1) Affected: 8.2.0.130(C636CUSTC636D2) Affected: 8.2.0.133(C605CUSTC605D1) Affected: 8.2.0.155(C675R2P1) Affected: 8.2.0.110(C652CUSTC652D1) Affected: 8.2.0.100(C541CUSTC541D1) Affected: 8.2.0.165(C01R1P16) Affected: 9.1.0.208(C00E205R3P1) Affected: 9.1.0.162(C00E160R2P1) Affected: 9.1.0.12(C00R1) Affected: 9.1.0.4(C735R1) Affected: 9.1.0.162 Affected: 9.1.0.161 Affected: 9.1.0.162(C01E160R2P1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:47:56.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Version"
},
{
"status": "affected",
"version": "9.1.0.206(C00E205R3P1)"
},
{
"status": "affected",
"version": "9.0.1.5(C735R1)"
},
{
"status": "affected",
"version": "9.1.0.1(C00R3)"
},
{
"status": "affected",
"version": "9.1.0.206"
},
{
"status": "affected",
"version": "9.0.1.162(C01E160R2P3)"
},
{
"status": "affected",
"version": "8.2.0.170(C861)"
},
{
"status": "affected",
"version": "8.2.0.188(C00R2P1)"
},
{
"status": "affected",
"version": "8.2.0.163(C605)"
},
{
"status": "affected",
"version": "8.2.0.160(C185)"
},
{
"status": "affected",
"version": "8.2.0.156(C636R2P2)"
},
{
"status": "affected",
"version": "8.2.0.152(C45CUSTC45D1)"
},
{
"status": "affected",
"version": "8.2.0.162(C605)"
},
{
"status": "affected",
"version": "8.2.0.175(C00R2P4)"
},
{
"status": "affected",
"version": "8.2.0.190(C788R1P16)"
},
{
"status": "affected",
"version": "8.2.0.161(C675CUSTC675D1)"
},
{
"status": "affected",
"version": "8.2.0.165(C00R1P16)"
},
{
"status": "affected",
"version": "8.2.0.130(C461R1P1)"
},
{
"status": "affected",
"version": "8.2.0.130(C652CUSTC652D1)"
},
{
"status": "affected",
"version": "8.2.0.131(C10R2P2)"
},
{
"status": "affected",
"version": "8.2.0.136(C432CUSTC432D1)"
},
{
"status": "affected",
"version": "8.2.0.101(C10CUSTC10D1)"
},
{
"status": "affected",
"version": "8.2.0.101(C432CUSTC432D1)"
},
{
"status": "affected",
"version": "8.2.0.131(C55CUSTC55D1)"
},
{
"status": "affected",
"version": "8.2.0.105(C185R1P1)"
},
{
"status": "affected",
"version": "8.2.0.107(C636R2P1)"
},
{
"status": "affected",
"version": "8.2.0.103(C652CUSTC652D1)"
},
{
"status": "affected",
"version": "8.2.0.105(C185R2P1)"
},
{
"status": "affected",
"version": "8.2.0.130(C636CUSTC636D2)"
},
{
"status": "affected",
"version": "8.2.0.133(C605CUSTC605D1)"
},
{
"status": "affected",
"version": "8.2.0.155(C675R2P1)"
},
{
"status": "affected",
"version": "8.2.0.110(C652CUSTC652D1)"
},
{
"status": "affected",
"version": "8.2.0.100(C541CUSTC541D1)"
},
{
"status": "affected",
"version": "8.2.0.165(C01R1P16)"
},
{
"status": "affected",
"version": "9.1.0.208(C00E205R3P1)"
},
{
"status": "affected",
"version": "9.1.0.162(C00E160R2P1)"
},
{
"status": "affected",
"version": "9.1.0.12(C00R1)"
},
{
"status": "affected",
"version": "9.1.0.4(C735R1)"
},
{
"status": "affected",
"version": "9.1.0.162"
},
{
"status": "affected",
"version": "9.1.0.161"
},
{
"status": "affected",
"version": "9.1.0.162(C01E160R2P1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "null pointer dereference",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-13T23:09:32",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Harry-AL00C, Harry-AL00C-PRELOAD, Harry-AL10B, Harry-LGRP1-CHN, Harry-TL00C, Jackman-AL00D, Jackman-L03, Jackman-L21, Jackman-L22, Jackman-L23, Johnson-AL00C, Johnson-AL00IC, Johnson-AL10C, Johnson-L21C, Johnson-L21D, Johnson-L22C, Johnson-L22D, Johnson-L23C, Johnson-L42IC, Johnson-L42IE, Johnson-L42IF, Johnson-TL00D, Johnson-TL00F, Potter-AL00C, Potter-AL10A, VOGUE-AL00A, VOGUE-AL00A-PRELOAD, VOGUE-AL10C, VOGUE-AL10C-PRELOAD, VOGUE-LGRP1-CHN, VOGUE-LGRP2-OVS, VOGUE-TL00B",
"version": {
"version_data": [
{
"version_value": "Version"
},
{
"version_value": "9.1.0.206(C00E205R3P1)"
},
{
"version_value": "9.0.1.5(C735R1)"
},
{
"version_value": "9.1.0.1(C00R3)"
},
{
"version_value": "9.1.0.206(C00E205R3P1)"
},
{
"version_value": "9.1.0.206"
},
{
"version_value": "9.0.1.162(C01E160R2P3)"
},
{
"version_value": "8.2.0.170(C861)"
},
{
"version_value": "8.2.0.188(C00R2P1)"
},
{
"version_value": "8.2.0.163(C605)"
},
{
"version_value": "8.2.0.160(C185)"
},
{
"version_value": "8.2.0.156(C636R2P2)"
},
{
"version_value": "8.2.0.152(C45CUSTC45D1)"
},
{
"version_value": "8.2.0.162(C605)"
},
{
"version_value": "8.2.0.175(C00R2P4)"
},
{
"version_value": "8.2.0.190(C788R1P16)"
},
{
"version_value": "8.2.0.161(C675CUSTC675D1)"
},
{
"version_value": "8.2.0.165(C00R1P16)"
},
{
"version_value": "8.2.0.130(C461R1P1)"
},
{
"version_value": "8.2.0.130(C652CUSTC652D1)"
},
{
"version_value": "8.2.0.131(C10R2P2)"
},
{
"version_value": "8.2.0.136(C432CUSTC432D1)"
},
{
"version_value": "8.2.0.101(C10CUSTC10D1)"
},
{
"version_value": "8.2.0.101(C432CUSTC432D1)"
},
{
"version_value": "8.2.0.131(C55CUSTC55D1)"
},
{
"version_value": "8.2.0.105(C185R1P1)"
},
{
"version_value": "8.2.0.107(C636R2P1)"
},
{
"version_value": "8.2.0.103(C652CUSTC652D1)"
},
{
"version_value": "8.2.0.105(C185R2P1)"
},
{
"version_value": "8.2.0.107(C636R2P1)"
},
{
"version_value": "8.2.0.130(C636CUSTC636D2)"
},
{
"version_value": "8.2.0.133(C605CUSTC605D1)"
},
{
"version_value": "8.2.0.155(C675R2P1)"
},
{
"version_value": "8.2.0.155(C675R2P1)"
},
{
"version_value": "8.2.0.110(C652CUSTC652D1)"
},
{
"version_value": "8.2.0.155(C675R2P1)"
},
{
"version_value": "8.2.0.100(C541CUSTC541D1)"
},
{
"version_value": "8.2.0.165(C01R1P16)"
},
{
"version_value": "8.2.0.100(C541CUSTC541D1)"
},
{
"version_value": "9.1.0.208(C00E205R3P1)"
},
{
"version_value": "9.1.0.208(C00E205R3P1)"
},
{
"version_value": "9.1.0.162(C00E160R2P1)"
},
{
"version_value": "9.1.0.12(C00R1)"
},
{
"version_value": "9.1.0.4(C735R1)"
},
{
"version_value": "9.1.0.162(C00E160R2P1)"
},
{
"version_value": "9.1.0.12(C00R1)"
},
{
"version_value": "9.1.0.162"
},
{
"version_value": "9.1.0.161"
},
{
"version_value": "9.1.0.162(C01E160R2P1)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "null pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190821-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5235",
"datePublished": "2019-12-13T23:09:32",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:47:56.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2215 (GCVE-0-2019-2215)
Vulnerability from cvelistv5 – Published: 2019-10-11 18:16 – Updated: 2025-10-21 23:45
VLAI?
Summary
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Severity ?
7.8 (High)
CWE
- Elevation of privilege
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:42:50.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2019-10-01"
},
{
"name": "20191018 CVE 2019-2215 Android Binder Use After Free",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/38"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4186-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-2215",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T13:04:20.328785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:29.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-2215"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2019-2215 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-02T19:06:43.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2019-10-01"
},
{
"name": "20191018 CVE 2019-2215 Android Binder Use After Free",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Oct/38"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4186-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2019-2215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2019-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2019-10-01"
},
{
"name": "20191018 CVE 2019-2215 Android Binder Use After Free",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Oct/38"
},
{
"name": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154911/Android-Binder-Use-After-Free.html"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191030-01-binder-en"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191031-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191031-0005/"
},
{
"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
},
{
"name": "USN-4186-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4186-1/"
},
{
"name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html"
},
{
"name": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156495/Android-Binder-Use-After-Free.html"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2019-2215",
"datePublished": "2019-10-11T18:16:48.000Z",
"dateReserved": "2018-12-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:29.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9506 (GCVE-0-2019-9506)
Vulnerability from cvelistv5 – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
VLAI?
Title
Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
Summary
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Severity ?
7.6 (High)
CWE
- CWE-310 - Cryptographic Issues
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#918987",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"N/A"
],
"product": "BR/EDR",
"vendor": "Bluetooth",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
}
],
"datePublic": "2019-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310 Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-30T10:06:23",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#918987",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
],
"source": {
"advisory": "VU#918987",
"defect": [
"VU#918987"
],
"discovery": "EXTERNAL"
},
"title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
"workarounds": [
{
"lang": "en",
"value": "Bluetooth SIG Expedited Errata Correction 11838"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "KNOB",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-08-14",
"ID": "CVE-2019-9506",
"STATE": "PUBLIC",
"TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BR/EDR",
"version": {
"version_data": [
{
"platform": "N/A",
"version_affected": "\u003c=",
"version_name": "5.1",
"version_value": "5.1"
}
]
}
}
]
},
"vendor_name": "Bluetooth"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310 Cryptographic Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#918987",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
"refsource": "MISC",
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
"refsource": "CONFIRM",
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
]
},
"source": {
"advisory": "VU#918987",
"defect": [
"VU#918987"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Bluetooth SIG Expedited Errata Correction 11838"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9506",
"datePublished": "2019-08-14T16:27:45.059869Z",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-09-16T19:14:13.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7910 (GCVE-0-2018-7910)
Vulnerability from cvelistv5 – Published: 2018-11-13 19:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.
Severity ?
No CVSS data available.
CWE
- authentication bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C |
Affected:
ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)"
}
]
}
],
"datePublic": "2018-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user\u0027s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-13T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B, ALP-TL00B, BLA-AL00B, BLA-L09C, BLA-L29C",
"version": {
"version_data": [
{
"version_value": "ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user\u0027s smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181101-01-bypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7910",
"datePublished": "2018-11-13T19:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7911 (GCVE-0-2018-7911)
Vulnerability from cvelistv5 – Published: 2018-10-23 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
Severity ?
No CVSS data available.
CWE
- FRP bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A, |
Affected:
ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A,",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)"
}
]
}
],
"datePublic": "2018-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-23T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B, ALP-AL00B-RSC, BLA-TL00B, Charlotte-AL00A, Emily-AL00A,",
"version": {
"version_data": [
{
"version_value": "ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180822-01-frpbypass-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7911",
"datePublished": "2018-10-23T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7901 (GCVE-0-2018-7901)
Vulnerability from cvelistv5 – Published: 2018-04-30 14:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely.
Severity ?
No CVSS data available.
CWE
- remote control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | ALP-AL00B, BLA-AL00B |
Affected:
ALP-AL00B, earlier versions than 8.0.0.129, BLA-AL00B, earlier versions than 8.0.0.129
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B, BLA-AL00B",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "ALP-AL00B, earlier versions than 8.0.0.129, BLA-AL00B, earlier versions than 8.0.0.129"
}
]
}
],
"datePublic": "2018-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-30T13:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B, BLA-AL00B",
"version": {
"version_data": [
{
"version_value": "ALP-AL00B, earlier versions than 8.0.0.129, BLA-AL00B, earlier versions than 8.0.0.129"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180425-01-rcs-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7901",
"datePublished": "2018-04-30T14:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}