CVE-2019-5236
Description
Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user to click a URL to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A double free vulnerability in Huawei Emily-L29C smart phones allows an attacker to cause abnormal behavior by tricking a user to click a malicious URL.
Vulnerability
A double free vulnerability exists in Huawei Emily-L29C smart phones running specific versions: 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), and 8.1.0.159(C636) [1]. The vulnerability is triggered when a user clicks a crafted URL, leading to a double free condition in the affected software.
Exploitation
An attacker must trick a user into clicking a malicious URL, which can be delivered via phishing or other social engineering methods [1]. No additional authentication or network position is required beyond the user's interaction. The exact sequence of steps is not detailed in the advisory, but the double free occurs during URL handling.
Impact
Successful exploitation may cause the affected phone to behave abnormally [1]. The advisory does not specify the exact consequences, but double free vulnerabilities often lead to denial of service, memory corruption, or potential code execution. The impact is limited to the device's stability.
Mitigation
Huawei has released software updates to fix this vulnerability. Users should upgrade their Emily-L29C devices to the resolved version 9.1.0.311 (specific builds per variant) [1]. No workarounds are provided. The advisory was published on August 7, 2019.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
28.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636)+ 1 more
- (no CPE)range: 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636)
- (no CPE)range: 8.1.0.132a(C432)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20190807-01-smartphone-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.