CVE-2020-9117
Description
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts a malformed packet with a specific parameter and sends the packet to the affected products. Due to insufficient validation of the packet, this may be exploited to cause information leakage or arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An attacker with specific permissions can send a crafted packet to Huawei nova 4 and SydneyM-AL00 smartphones, causing out-of-bounds read/write leading to information leakage or arbitrary code execution.
Vulnerability
The vulnerability resides in the packet processing module of Huawei nova 4 (versions earlier than 10.0.0.165(C01E34R2P4)) and SydneyM-AL00 (versions earlier than 10.0.0.165(C00E66R1P5)) smartphones. It is an out-of-bounds read and write flaw caused by insufficient validation of crafted packets. An attacker with specific permissions can trigger it by sending a malformed packet with a specific parameter to the affected device [1].
Exploitation
An attacker must have specific permissions on the device (e.g., local access or the ability to send packets to the affected component). The attacker crafts a malformed packet containing a specific parameter and transmits it to the vulnerable product. The insufficient validation in the packet processing code leads to the out-of-bounds access [1].
Impact
Successful exploitation can result in information leakage (reading out-of-bounds memory) or arbitrary code execution (by writing out-of-bounds). The attacker could potentially gain elevated privileges or execute malicious code on the targeted device [1].
Mitigation
Huawei has released software updates to fix this vulnerability. The resolved versions are 10.0.0.165(C01E34R2P4) for HUAWEI nova 4 and 10.0.0.165(C00E66R1P5) for SydneyM-AL00. Users are advised to upgrade to these versions or later [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- HUAWEI/nova 4, SydneyM-AL00
- Range: <=10.0.0.165(C00E66R1P5)
Patches
No patches discovered yet.
References
- [1] www.huawei.com/en/psirt/security-advisories/huawei-sa-20201125-01-outofboundread-en (mitre, x_refsource_MISC)