CVE-2020-9146

Vulnerability

A memory buffer error vulnerability exists in a component interface of Huawei Smartphones [1]. The issue is triggered by local attackers who carefully construct attack scenarios. Affected software versions include EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1, EMUI 8.2, EMUI 8.0 [1].

Exploitation

An attacker must have local access to the device and be able to execute carefully constructed attack scenarios [1]. The vulnerability is exploitable without requiring elevated privileges beyond normal user access. The exact sequence of steps is not publicly detailed but involves triggering a memory buffer error in the component interface.

Impact

Successful exploitation leads to memory leakage and denial of service (DoS) attacks [1]. The attacker can cause the affected component to fail, disrupting normal device operation. No remote code execution or privilege escalation is described in the available references.

Mitigation

Huawei released security updates in January 2021 that include fixes for this vulnerability [1]. Users should update their devices to the latest firmware versions containing the patches. The bulletin does not list any alternative workarounds if the patch is not applied.