VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 12, 2019· Updated Aug 4, 2024

CVE-2019-5228

CVE-2019-5228

Description

Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A race condition in smartphone detection modules allows out-of-bounds write, enabling code execution via malicious app.

Vulnerability

A race condition exists in the detection module of certain Huawei smartphones, including P30, P30 Pro, and Honor V20. The system does not properly lock a specific function, and when called by multiple processes concurrently, it can cause an out-of-bounds write. Affected versions are P30 earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), P30 Pro earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Honor V20 earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3), and other models as listed in the advisory [1].

Exploitation

An attacker must trick the user into installing a malicious application. Once installed, the app can exploit the race condition by repeatedly invoking the vulnerable function from multiple processes, triggering an out-of-bounds write [1].

Impact

Successful exploitation results in arbitrary code execution within the context of the detection module, potentially allowing the attacker to gain elevated privileges or compromise the device [1].

Mitigation

Huawei has released software updates to fix this vulnerability. Users should upgrade to the following resolved versions or later: ELLE-AL00B 9.1.0.193(C00E190R1P21) for P30, VOGUE-AL00A 9.1.0.193(C00E190R1P12) for P30 Pro, Princeton-AL10B 9.1.0.233(C00E233R4P3) for Honor V20, and corresponding versions for other affected models [1].

References
  1. Security Advisory - Race Condition Vulnerability on Several Smartphones

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Huawei/P30llm-fuzzy
    Range: < ELLE-AL00B 9.1.0.193 (C00E190R1P21)
  • Huawei/P30 Prollm-fuzzy
    Range: < VOGUE-AL00A 9.1.0.193 (C00E190R1P12)
  • Huawei/Honor V20llm-fuzzy
    Range: < Princeton-AL10B 9.1.0.233 (C00E233R4P3)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.