VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 29, 2019· Updated Aug 4, 2024

CVE-2019-5225

CVE-2019-5225

Description

P30, Mate 20, P30 Pro smartphones with software of versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), versions earlier than Hima-AL00B 9.1.0.135(C00E200R2P1), versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12) have a buffer overflow vulnerability on several , the system does not properly validate certain length parameter which an application transports to kernel. An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in Huawei P30, Mate 20, P30 Pro due to improper length validation allows arbitrary code execution via malicious app.

Vulnerability

A buffer overflow vulnerability exists in the kernel of Huawei P30, Mate 20, and P30 Pro smartphones running software versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21) for P30, Hima-AL00B 9.1.0.135(C00E200R2P1) for Mate 20, and VOGUE-AL00A 9.1.0.193(C00E190R1P12) for P30 Pro [1]. The system does not properly validate a length parameter that an application passes to the kernel, leading to a buffer overflow.

Exploitation

An attacker must trick the user into installing a malicious application. Once installed, the application can send a crafted length parameter to the kernel, triggering the buffer overflow [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code within the kernel context, potentially gaining full control of the device [1].

Mitigation

Huawei has released software updates to fix this vulnerability. Users should update their devices to the resolved versions: ELLE-AL00B 9.1.0.193(C00E190R1P21) for P30, Hima-AL00B 9.1.0.135(C00E200R2P1) for Mate 20, and VOGUE-AL00A 9.1.0.193(C00E190R1P12) for P30 Pro [1]. No workarounds are mentioned.

References
  1. Security Advisory - Buffer Overflow Vulnerability on Several Smartphones

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Huawei/P30, Mate 20, P30 Pro smartphonesdescription
  • Huawei/P30llm-fuzzy
    Range: <ELLE-AL00B 9.1.0.193(C00E190R1P21)
  • Huawei/P30 Prollm-fuzzy
    Range: <VOGUE-AL00A 9.1.0.193(C00E190R1P12)
  • Huawei/Mate 20llm-fuzzy
    Range: <Hima-AL00B 9.1.0.135(C00E200R2P1)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.