VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 4, 2019· Updated Aug 4, 2024

CVE-2019-5296

CVE-2019-5296

Description

Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have an out-of-bounds read vulnerability. An attacker with a high permission runs some specific commands on the smartphone. Due to insufficient input verification, successful exploit may cause out-of-bounds read of the memory and the system abnormal.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A high-privilege attacker can trigger an out-of-bounds memory read on Mate20 smartphones, causing system instability.

Vulnerability

An out-of-bounds read vulnerability exists in Huawei Mate20 smartphones running versions earlier than HMA-AL00C00B175. The flaw resides in insufficient input verification during the execution of specific commands with high permissions, allowing a local attacker to cause a read beyond the bounds of allocated memory [1].

Exploitation

An attacker must obtain high system permissions on the device (kernel or root-level access) and then run crafted commands that trigger the out-of-bounds read condition. No user interaction is required beyond the initial privilege escalation, and the attack is conducted locally on the device [1].

Impact

Successful exploitation results in out-of-bounds memory read, which may cause the system to become unstable or crash. The vulnerability does not provide code execution or data exfiltration on its own, but the resulting denial-of-service condition can affect device availability [1].

Mitigation

Huawei released a software update to address this vulnerability. The fix is included in version HMA-AL00C00B175 and later for the Mate20. Users should update their devices to the latest firmware [1].

References
  1. Security Advisory - Out-of-bounds Read Vulnerability in Some Huawei Smartphones

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Huawei/Mate20llm-create2 versions
    < HMA-AL00C00B175+ 1 more
    • (no CPE)range: < HMA-AL00C00B175
    • (no CPE)range: Versions earlier than HMA-AL00C00B175

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.