Details of VAR-202008-1051

ID

VAR-202008-1051

CVE

CVE-2020-9104

TITLE

HUAWEI P30 Vulnerability regarding lack of free memory after expiration in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009985

DESCRIPTION

HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability. In specific scenario, due to the improper resource management and memory leak of some feature, the attacker could exploit this vulnerability to cause the device reset. HUAWEI P30 Is vulnerable to a lack of free memory after expiration.By a third party DKIM Arbitrary code can be executed or denial of service through format string specifiers in the data used for logging ( Daemon crash ) It may be put into a state. Huawei P30 is a smart phone of China's Huawei (Huawei) company. There is a denial of service vulnerability in Huawei P30, which stems from incorrect resource management. Attackers can use this vulnerability to denial of service (memory leaks) on mobile phones

Trust: 2.16

sources: NVD: CVE-2020-9104 // JVNDB: JVNDB-2020-009985 // CNVD: CNVD-2020-52405

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-52405

AFFECTED PRODUCTS

vendor:	huawei	model:	p30 <10.1.0.126	scope:	-	version:	-	Trust: 3.0
vendor:	huawei	model:	p30 <10.1.0.160	scope:	-	version:	-	Trust: 1.2
vendor:	huawei	model:	p30 <10.1.0.123	scope:	-	version:	-	Trust: 1.2
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.128\(c635e3r2p4\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.123\(c431e22r2p5\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.126\(c605e19r1p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.126\(c461e7r3p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.160\(c00e160r2p11\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.160\(c01e160r2p11\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.126\(c10e7r5p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.123\(c432e22r2p5\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.126\(c185e4r7p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.126\(c636e7r3p4\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.123(c431e22r2p5)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.123(c432e22r2p5)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.126(c10e7r5p1)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.126(c185e4r7p1)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.126(c461e7r3p1)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.126(c605e19r1p3)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.126(c636e7r3p4)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.128(c635e3r2p4)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.160(c00e160r2p11)	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	10.1.0.160(c01e160r2p11)	Trust: 0.8
vendor:	huawei	model:	p30 <10.1.0.128	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-52405 // JVNDB: JVNDB-2020-009985 // NVD: CVE-2020-9104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9104
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-009985
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-52405
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202008-1001
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9104
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-009985
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-52405
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9104
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-009985
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-52405 // JVNDB: JVNDB-2020-009985 // CNNVD: CNNVD-202008-1001 // NVD: CVE-2020-9104

PROBLEMTYPE DATA

problemtype:

CWE-401

Trust: 1.8

sources: JVNDB: JVNDB-2020-009985 // NVD: CVE-2020-9104

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202008-1001

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1001

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009985

PATCH

title:	huawei-sa-20200819-01-smartphonedos	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en	Trust: 0.8
title:	Patch for Huawei P30 Denial of Service Vulnerability (CNVD-2020-52405)	url:	https://www.cnvd.org.cn/patchInfo/show/234334	Trust: 0.6
title:	Huawei P30 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126791	Trust: 0.6

sources: CNVD: CNVD-2020-52405 // JVNDB: JVNDB-2020-009985 // CNNVD: CNNVD-202008-1001

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9104	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-009985	Trust: 0.8
db:	CNVD	id:	CNVD-2020-52405	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-1001	Trust: 0.6

sources: CNVD: CNVD-2020-52405 // JVNDB: JVNDB-2020-009985 // CNNVD: CNNVD-202008-1001 // NVD: CVE-2020-9104

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9104	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200819-01-smartphonedos-cn	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9104	Trust: 0.8

sources: CNVD: CNVD-2020-52405 // JVNDB: JVNDB-2020-009985 // CNNVD: CNNVD-202008-1001 // NVD: CVE-2020-9104

SOURCES

db:	CNVD	id:	CNVD-2020-52405
db:	JVNDB	id:	JVNDB-2020-009985
db:	CNNVD	id:	CNNVD-202008-1001
db:	NVD	id:	CVE-2020-9104

LAST UPDATE DATE

2024-11-23T21:51:23.335000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-52405	date:	2020-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-009985	date:	2020-12-15T08:41:20
db:	CNNVD	id:	CNNVD-202008-1001	date:	2020-08-27T00:00:00
db:	NVD	id:	CVE-2020-9104	date:	2024-11-21T05:40:02.623

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-52405	date:	2020-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-009985	date:	2020-12-15T08:41:20
db:	CNNVD	id:	CNNVD-202008-1001	date:	2020-08-19T00:00:00
db:	NVD	id:	CVE-2020-9104	date:	2020-08-21T14:15:11.340