VYPR
Unrated severity · NVD Advisory · Published Dec 7, 2020 · Updated Aug 4, 2024

CVE-2020-9247

Description

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate a certain configuration parameter passed from the user, which can cause a buffer overflow. An attacker needs to trick the user into installing and running a malicious application with high privilege; a successful exploit may cause code execution. Affected products include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in Huawei smartphones due to insufficient validation of a configuration parameter allows code execution via a malicious high-privilege app.

Vulnerability

A buffer overflow vulnerability exists in several Huawei smartphone products, including HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B, and YaleP-AL10B. The system does not sufficiently validate a certain configuration parameter passed from the user, causing a buffer overflow [1]. Affected versions are those earlier than the resolved build specified for each product (e.g., 10.1.0.230(C432E9R5P1) for HONOR 20 PRO) [1].

Exploitation

The attacker must trick the user into installing and running a malicious application with high privileges [1]. No other preconditions such as network access or user interaction beyond installing the app are mentioned. The specific sequence of steps is not detailed in the available references.

Impact

Successful exploitation could lead to code execution on the device, potentially allowing the attacker to take control of the affected smartphone [1]. The exact scope of compromise (e.g., user-space vs kernel) or CIA impact beyond arbitrary code execution is not further elaborated in the references.

Mitigation

Huawei has released software updates to fix this vulnerability [1]. The resolved versions are listed for each product, for example, HONOR 20 PRO is fixed in version 10.1.0.230(C432E9R5P1). Users should update their devices to the latest available firmware. No workarounds are provided in the advisory. The CVE is not known to be listed on the CISA KEV.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

16

References

1
