ID

VAR-202010-1165


CVE

CVE-2020-9263


TITLE

HUAWEI Mate 30 and HUAWEI P30 vulnerabilities in the use of freed memory

Trust: 0.8

sources: JVNDB: JVNDB-2020-012482

DESCRIPTION

HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 versions earlier than 10.1.0.160(C00E160R2P11) have a use-after-free vulnerability. A condition exists in which the system references memory after it has been freed. The attacker must trick the user into running a crafted application with common privilege; a successful exploit could cause code execution. HUAWEI Mate 30 and HUAWEI P30 are vulnerable to the use of freed memory. Information may be obtained or tampered with, and service may be disrupted (DoS). Huawei Mate 30 is a smartphone made by the Chinese company Huawei. There is a security vulnerability in Huawei Mate 30 10.1.0.150 (C00E136R5P3). The vulnerability is caused by the system using released memory. Attackers can use this vulnerability to execute code with the help of specially crafted applications. Huawei products could allow a local authenticated malicious user to execute arbitrary code on the system, caused by a use-after-free vulnerability.

Trust: 2.25

sources: NVD: CVE-2020-9263 // JVNDB: JVNDB-2020-012482 // CNVD: CNVD-2020-52412 // VULMON: CVE-2020-9263

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52412

AFFECTED PRODUCTS

vendor: huawei, model: p30, scope: lt, version: 10.1.0.160(c00e160r2p11)

Trust: 1.0

vendor: huawei, model: mate 30, scope: lt, version: 10.1.0.150(c00e136r5p3)

Trust: 1.0

vendor: huawei, model: mate 30, scope: -, version: -

Trust: 0.8

vendor: huawei, model: p30, scope: -, version: -

Trust: 0.8

vendor: huawei, model: mate <10.1.0.150, scope: eq, version: 30

Trust: 0.6

sources: CNVD: CNVD-2020-52412 // JVNDB: JVNDB-2020-012482 // NVD: CVE-2020-9263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9263
value: HIGH

Trust: 1.0

NVD: CVE-2020-9263
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-52412
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202007-089
value: HIGH

Trust: 0.6

VULMON: CVE-2020-9263
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9263
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-52412
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9263
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-9263
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52412 // VULMON: CVE-2020-9263 // JVNDB: JVNDB-2020-012482 // CNNVD: CNNVD-202007-089 // NVD: CVE-2020-9263

PROBLEMTYPE DATA

problemtype: CWE-416

Trust: 1.0

problemtype: Use of freed memory (CWE-416) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012482 // NVD: CVE-2020-9263

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202007-089

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202007-089

PATCH

title: huawei-sa-20200701-07-smartphone, url: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en

Trust: 0.8

title: Patch for Huawei Mate 30 UAF vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/234412

Trust: 0.6

title: Huawei Mate 30 Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122885

Trust: 0.6

sources: CNVD: CNVD-2020-52412 // JVNDB: JVNDB-2020-012482 // CNNVD: CNNVD-202007-089

EXTERNAL IDS

db: NVD, id: CVE-2020-9263

Trust: 3.1

db: JVNDB, id: JVNDB-2020-012482

Trust: 0.8

db: CNVD, id: CNVD-2020-52412

Trust: 0.6

db: NSFOCUS, id: 47061

Trust: 0.6

db: CNNVD, id: CNNVD-202007-089

Trust: 0.6

db: VULMON, id: CVE-2020-9263

Trust: 0.1

sources: CNVD: CNVD-2020-52412 // VULMON: CVE-2020-9263 // JVNDB: JVNDB-2020-012482 // CNNVD: CNNVD-202007-089 // NVD: CVE-2020-9263

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-07-smartphone-en

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9263

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200701-07-smartphone-cn

Trust: 1.2

url:http://www.nsfocus.net/vulndb/47061

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/184424

Trust: 0.1

sources: CNVD: CNVD-2020-52412 // VULMON: CVE-2020-9263 // JVNDB: JVNDB-2020-012482 // CNNVD: CNNVD-202007-089 // NVD: CVE-2020-9263

SOURCES

db: CNVD, id: CNVD-2020-52412
db: VULMON, id: CVE-2020-9263
db: JVNDB, id: JVNDB-2020-012482
db: CNNVD, id: CNNVD-202007-089
db: NVD, id: CVE-2020-9263

LAST UPDATE DATE

2024-11-23T22:33:16.362000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-52412, date: 2020-09-17T00:00:00
db: VULMON, id: CVE-2020-9263, date: 2020-10-22T00:00:00
db: JVNDB, id: JVNDB-2020-012482, date: 2021-05-10T07:32:00
db: CNNVD, id: CNNVD-202007-089, date: 2020-10-23T00:00:00
db: NVD, id: CVE-2020-9263, date: 2024-11-21T05:40:17.970

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-52412, date: 2020-09-17T00:00:00
db: VULMON, id: CVE-2020-9263, date: 2020-10-19T00:00:00
db: JVNDB, id: JVNDB-2020-012482, date: 2021-05-10T00:00:00
db: CNNVD, id: CNNVD-202007-089, date: 2020-07-01T00:00:00
db: NVD, id: CVE-2020-9263, date: 2020-10-19T20:15:13.323