var-201911-0833
Vulnerability from variot
Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution. Huawei P30 and others are all smartphones of China's Huawei company. The vulnerability stems from the fact that the system does not lock the function
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0833", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "p30 pro", "scope": "eq", "trust": 1.2, "vendor": "huawei", "version": null }, { "model": "honor v20", "scope": "eq", "trust": 1.2, "vendor": "huawei", "version": null }, { "model": "p30 pro", "scope": "lt", "trust": 1.0, "vendor": "huawei", "version": "vogue-al00a_9.1.0.193\\(c00e190r1p12\\)" }, { "model": "honor v20", "scope": "lt", "trust": 1.0, "vendor": "huawei", "version": "princeton-al10b_9.1.0.233\\(c00e233r4p3\\)" }, { "model": "p30", "scope": "lt", "trust": 1.0, "vendor": "huawei", "version": "elle-al00b_9.1.0.193\\(c00e190r1p21\\)" }, { "model": "honor v20", "scope": "lt", "trust": 0.8, "vendor": "huawei", "version": "princeton-al10b 9.1.0.233(c00e233r4p3)" }, { "model": "p30 pro", "scope": "lt", "trust": 0.8, "vendor": "huawei", "version": "vogue-al00a 9.1.0.193(c00e190r1p12)" }, { "model": "p30", "scope": "lt", "trust": 0.8, "vendor": "huawei", "version": "elle-al00b 9.1.0.193(c00e190r1p21)" }, { "model": "p30 \u003celle-al00b 9.1.0.193", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "p30 pro \u003cvogue-al00a 9.1.0.193", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "honor \u003cprinceton-al10b 9.1.0.233", "scope": null, "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "p30", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": null }, { "model": "p30 pro", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "9.1.0.226c00e210r2p1" }, { "model": "p30", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "elle-al00b_9.1.0.186c00e180r2p1" }, { "model": "honor v20", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "9.0.1.161c00e161r2p2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-41252" }, { "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "db": "NVD", "id": "CVE-2019-5228" }, { "db": "CNNVD", "id": "CNNVD-201909-540" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "elle-al00b_9.1.0.193\\(c00e190r1p21\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "vogue-al00a_9.1.0.193\\(c00e190r1p12\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:huawei:honor_v20_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "princeton-al10b_9.1.0.233\\(c00e233r4p3\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:huawei:honor_v20:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-5228" } ] }, "cve": "CVE-2019-5228", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-5228", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2019-41252", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-5228", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-5228", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-41252", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201909-540", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-41252" }, { "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "db": "NVD", "id": "CVE-2019-5228" }, { "db": "CNNVD", "id": "CNNVD-201909-540" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution. Huawei P30 and others are all smartphones of China\u0027s Huawei company. The vulnerability stems from the fact that the system does not lock the function", "sources": [ { "db": "NVD", "id": "CVE-2019-5228" }, { "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "db": "CNVD", "id": "CNVD-2019-41252" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-5228", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2019-011975", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2019-41252", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201909-540", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-41252" }, { "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "db": "NVD", "id": "CVE-2019-5228" }, { "db": "CNNVD", "id": "CNNVD-201909-540" } ] }, "id": "VAR-201911-0833", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-41252" } ], "trust": 1.431770852 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-41252" } ] }, "last_update_date": "2023-12-18T13:33:15.671000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "huawei-sa-20190911-01-smartphone", "trust": 0.8, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en" }, { "title": "Patch for Huawei P30, Huawei P30 Pro and Honor Princeton-AL10B Conditional Competitive Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/190791" }, { "title": "Huawei P30 , Huawei P30 Pro and Honor Princeton-AL10B Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98128" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-41252" }, { "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "db": "CNNVD", "id": "CNNVD-201909-540" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-362", "trust": 1.8 }, { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "db": "NVD", "id": "CVE-2019-5228" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5228" }, { "trust": 1.2, "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190911-01-smartphone-cn" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5228" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-41252" }, { "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "db": "NVD", "id": "CVE-2019-5228" }, { "db": "CNNVD", "id": "CNNVD-201909-540" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-41252" }, { "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "db": "NVD", "id": "CVE-2019-5228" }, { "db": "CNNVD", "id": "CNNVD-201909-540" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-19T00:00:00", "db": "CNVD", "id": "CNVD-2019-41252" }, { "date": "2019-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "date": "2019-11-12T23:15:10.223000", "db": "NVD", "id": "CVE-2019-5228" }, { "date": "2019-09-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-540" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-19T00:00:00", "db": "CNVD", "id": "CNVD-2019-41252" }, { "date": "2019-11-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-011975" }, { "date": "2021-07-21T11:39:23.747000", "db": "NVD", "id": "CVE-2019-5228" }, { "date": "2019-11-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-540" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-540" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Huawei Vulnerability related to competition in smartphone products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-011975" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "competition condition problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-540" } ], "trust": 0.6 } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.