CVE-2024-56434

Medium

Published: 08 January 2025

Published

08 January 2025

Modified

18 September 2025

KEV Added

—

Patch

—

CVSS Score 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

EPSS Score 0.0010 28.1th percentile

Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Description

UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.

Security Summary

CVE-2024-56434 is a Use-After-Free (UAF) vulnerability, classified under CWE-416, in the device node access module. Published on 2025-01-08, it carries a CVSS v3.1 base score of 4.4 (AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H) and affects Huawei devices.

Exploitation requires local access, high attack complexity, low privileges, and user interaction. A successful attack can cause service exceptions on the device, leading to a denial-of-service condition with high availability impact but no confidentiality or integrity effects.

Huawei's security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ provides details on the vulnerability, including recommended mitigations and patches.

Details

CWE(s): CWE-416NVD-CWE-noinfo

Affected Products

huawei

emui

14.0.0

huawei

harmonyos

4.0.0, 4.2.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/
Vendor Advisory · psirt@huawei.com