CVE-2019-5216
Description
There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which causes multiple processes to operate on the same variable at the same time. A successful exploit could cause execution of malicious code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A race condition in Huawei Honor V10, 10, and Play smartphones allows arbitrary code execution if a malicious app triggers concurrent operations on a shared variable.
Vulnerability
A race condition vulnerability exists in the driver of certain Huawei smartphones, specifically affecting the Honor V10 (versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8)), Honor 10 (versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8)), and Honor Play (versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8)). The bug allows multiple processes to simultaneously operate on the same variable, leading to undefined behavior. The attacker must trick the user into installing a malicious application to trigger the condition [1].
Exploitation
An attacker needs to convince the victim to install a crafted application that will initiate multiple concurrent operations on a shared variable within the affected driver. No additional network position or special privileges are required beyond installing the application. The race window is triggered by the malicious process, which causes the driver to mishandle concurrent access and allows the attacker to execute arbitrary code [1].
Impact
Successful exploitation of the race condition results in the execution of malicious code at the driver level. This can lead to arbitrary code execution, potentially compromising the confidentiality, integrity, and availability of the device. The attacker can achieve code execution with system-level privileges, effectively taking full control of the device [1].
Mitigation
Huawei released software updates to fix this vulnerability. The resolved versions are Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Columbia-AL10B 9.0.0.156(C00E156R1P20T8), and Cornell-AL00A 9.0.0.156(C00E156R1P13T8) for the Honor V10, Honor 10, and Honor Play respectively. Users should update their devices to these versions or later. No workaround is provided. The advisory was published on 2019-01-16 [1]. This vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: < Cornell-AL00A 9.0.0.156(C00E156R1P13T8)
- (no CPE) range: Versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8)
Patches
No patches discovered yet.
References
[1] www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en (mitre, x_refsource_CONFIRM)