Lucene search

Huawei TechnologiesHUAWEI-SA-20200513-03-SMARTPHONE

HistoryMay 13, 2020 - 12:00 a.m.

Security Advisory - Integer Overflow Vulnerability in Android affects Several Huawei Smartphones

2020-05-1300:00:00

Huawei Technologies

www.huawei.com

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.3%

JSON

There is an integer overflow vulnerability in Android affects several Huawei smartphones. There is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. (Vulnerability ID: HWPSIRT-2020-02120)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-0022.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en

Affected configurations

Vulners

Node

huaweimate_20_firmwareRange<10.0.0.195

huaweimate_20_pro_firmwareRange<10.0.0.196

huaweimate_20_pro_firmwareRange<10.0.0.198

huaweimate_20_x_firmwareRange<10.0.0.195

huaweip-smart_firmwareRange<9.1.0.193

huaweip_smart_2019_firmwareRange<10.0.0.180

huaweihuawei_p20Range<10.0.0.162

huaweihuawei_p30Range<10.0.0.190

huaweihuawei_p30Range<10.0.0.192

huaweihuawei_p30Range<10.0.0.195

huaweip30_pro_firmwareRange<10.0.0.195

huaweihuawei_y6_2019Range<9.1.0.290

huaweihuawei_y9_2019Range<9.1.0.264

huaweihuawei_nova_3Range<9.1.0.338

huaweinova_lite_3_firmwareRange<9.1.0.322

huaweihonor_8aRange<9.1.0.291

huaweihonor_8xRange<10.0.0.183

huaweihonor_view_20Range<10.0.0.195

huaweihonor_view_20Range<10.0.0.196

huaweimate_30_pro_firmwareRange<10.0.0.203

huaweimate_30_firmwareRange<10.0.0.203

huaweimate_30_pro_5g_firmwareRange<10.0.0.203

huaweimate_30_5g_firmwareRange<10.0.0.203

CPENameOperatorVersion
huawei mate 20lt10.0.0.195
huawei mate 20 prolt10.0.0.196
huawei mate 20 prolt10.0.0.196
huawei mate 20 prolt10.0.0.198
huawei mate 20 xlt10.0.0.195
huawei p smartlt9.1.0.193
huawei p smartlt9.1.0.193
huawei p smart 2019lt10.0.0.180
huawei p20lt10.0.0.162
huawei p20 prolt10.0.0.162

Name	Operator	Version
huawei mate 20	lt	10.0.0.195
huawei mate 20 pro	lt	10.0.0.196
huawei mate 20 pro	lt	10.0.0.196
huawei mate 20 pro	lt	10.0.0.198
huawei mate 20 x	lt	10.0.0.195
huawei p smart	lt	9.1.0.193
huawei p smart	lt	9.1.0.193
huawei p smart 2019	lt	10.0.0.180
huawei p20	lt	10.0.0.162
huawei p20 pro	lt	10.0.0.162