Sign-up

ID

VAR-202007-1273


CVE

CVE-2020-9262


TITLE

Huawei Mate 30 resource management error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-52410 // CNNVD: CNNVD-202007-081

DESCRIPTION

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution. HUAWEI Mate 30 Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei Mate 30 is a smart phone of China's Huawei (Huawei) company. The vulnerability is caused by the system using the released memory in certain scenarios

Trust: 2.16

sources: NVD: CVE-2020-9262 // JVNDB: JVNDB-2020-007478 // CNVD: CNVD-2020-52410

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52410

AFFECTED PRODUCTS

vendor:huaweimodel:mate 30scope:ltversion:10.1.0.150\(c00e136r5p3\)

Trust: 1.0

vendor:huaweimodel:mate 30scope:eqversion:10.1.0.150(c00e136r5p3)

Trust: 0.8

vendor:huaweimodel:mate <10.1.0.150scope:eqversion:30

Trust: 0.6

sources: CNVD: CNVD-2020-52410 // JVNDB: JVNDB-2020-007478 // NVD: CVE-2020-9262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9262
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007478
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-52410
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-081
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9262
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007478
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-52410
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9262
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007478
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52410 // JVNDB: JVNDB-2020-007478 // CNNVD: CNNVD-202007-081 // NVD: CVE-2020-9262

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.8

sources: JVNDB: JVNDB-2020-007478 // NVD: CVE-2020-9262

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-081

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202007-081

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007478

PATCH
title:huawei-sa-20200701-06-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-06-smartphone-en
Trust: 0.8
title:Patch for Huawei Mate 30 resource management error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/234403
Trust: 0.6
title:Huawei Mate 30 Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123466
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52410 // 
            
            
            
            JVNDB: JVNDB-2020-007478 // 
            
            
            
            CNNVD: CNNVD-202007-081

EXTERNAL IDS
db:NVDid:CVE-2020-9262
Trust: 3.0
db:JVNDBid:JVNDB-2020-007478
Trust: 0.8
db:CNVDid:CNVD-2020-52410
Trust: 0.6
db:NSFOCUSid:49654
Trust: 0.6
db:CNNVDid:CNNVD-202007-081
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52410 // 
            
            
            
            JVNDB: JVNDB-2020-007478 // 
            
            
            
            CNNVD: CNNVD-202007-081 // 
            
            
            
            NVD: CVE-2020-9262

REFERENCES
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-06-smartphone-en
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-9262
Trust: 1.4
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200701-06-smartphone-cn
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9262
Trust: 0.8
url:http://www.nsfocus.net/vulndb/49654
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52410 // 
            
            
            
            JVNDB: JVNDB-2020-007478 // 
            
            
            
            CNNVD: CNNVD-202007-081 // 
            
            
            
            NVD: CVE-2020-9262

SOURCES
db:CNVDid:CNVD-2020-52410
db:JVNDBid:JVNDB-2020-007478
db:CNNVDid:CNNVD-202007-081
db:NVDid:CVE-2020-9262

LAST UPDATE DATE
2024-11-23T22:29:30.943000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-52410date:2020-09-17T00:00:00
db:JVNDBid:JVNDB-2020-007478date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202007-081date:2020-10-20T00:00:00
db:NVDid:CVE-2020-9262date:2024-11-21T05:40:17.833

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-52410date:2020-09-17T00:00:00
db:JVNDBid:JVNDB-2020-007478date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202007-081date:2020-07-01T00:00:00
db:NVDid:CVE-2020-9262date:2020-07-06T19:15:12.900