Security Advisory - Use-after-free Vulnerability in Some Huawei Smart Phone

2020-09-16T00:00:00
ID HUAWEI-SA-20200916-01-SMARTPHONE
Type huawei
Reporter Huawei Technologies
Modified 2020-09-16T00:00:00

Description

There is a use-after-free (UAF) vulnerability in some Huawei smart phone. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. (Vulnerability ID: HWPSIRT-2020-03109)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9084.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en