CVE-2019-5216

Severity Score

7.0

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code.

Se presenta una vulnerabilidad de condición de carrera en teléfonos inteligentes Honor V10 de Huawei en versiones anteriores a Berkeley-AL20 9.0.0.156 (C00E156R2P14T8), teléfonos inteligentes Honor 10 versiones anteriores a Columbia-AL10B 9.0.0.156 (C00E156R1P20T8) y teléfonos inteligentes Honor Play versiones anteriores a Cornell-AL00A 9.0 .0.156 (C00E156R1P13T8). Un atacante engaña al usuario para instalar una aplicación maliciosa, que permite a múltiples procesos operar la misma variable al mismo tiempo. La explotación con éxito podría causar la ejecución de código malicioso.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-01-04 CVE Reserved
2019-06-06 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en	2019-06-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Huawei Search vendor "Huawei"	Honor View 10 Firmware Search vendor "Huawei" for product "Honor View 10 Firmware"	< berkeley-al20_9.0.0.156\(c00e156r2p14t8\) Search vendor "Huawei" for product "Honor View 10 Firmware" and version " < berkeley-al20_9.0.0.156\(c00e156r2p14t8\)"	-	Affected	in	Huawei Search vendor "Huawei"	Honor View 10 Search vendor "Huawei" for product "Honor View 10"	-	-	Safe
Huawei Search vendor "Huawei"	Honor 10 Firmware Search vendor "Huawei" for product "Honor 10 Firmware"	< columbia-al10b_9.0.0.156\(c00e156r1p20t8\) Search vendor "Huawei" for product "Honor 10 Firmware" and version " < columbia-al10b_9.0.0.156\(c00e156r1p20t8\)"	-	Affected	in	Huawei Search vendor "Huawei"	Honor 10 Search vendor "Huawei" for product "Honor 10"	-	-	Safe
Huawei Search vendor "Huawei"	Honor Play Firmware Search vendor "Huawei" for product "Honor Play Firmware"	< cornell-al00a_9.0.0.156\(c00e156r1p13t8\) Search vendor "Huawei" for product "Honor Play Firmware" and version " < cornell-al00a_9.0.0.156\(c00e156r1p13t8\)"	-	Affected	in	Huawei Search vendor "Huawei"	Honor Play Search vendor "Huawei" for product "Honor Play"	-	-	Safe