CVE-2019-5216

There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code.

Published: Jun 6, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5216
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
huawei / honor_view_10_firmware	-	berkeley-al20_9.0.0.156\(c00e156r2p14t8\)
huawei / honor_10_firmware	-	columbia-al10b_9.0.0.156\(c00e156r1p20t8\)
huawei / honor_play_firmware	-	cornell-al00a_9.0.0.156\(c00e156r1p13t8\)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en

Vulnerability Database

289,784

CVE-2019-5216