CVE-2024-56435
Published: 08 January 2025
Description
Cross-process screen stack vulnerability in the UIExtension module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Security Summary
CVE-2024-56435 is a cross-process screen stack vulnerability in the UIExtension module, as identified in Huawei's security bulletin. Published on January 8, 2025, it carries a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high impact on confidentiality but no impact on integrity or availability. The vulnerability is mapped to CWE-1021 (Improper Restriction of Rendered UI Layers or Frames), alongside NVD's "insufficient information" CWE designation.
According to the CVSS vector, the attack is local, has low complexity, and requires neither privileges nor user interaction. Successful exploitation allows unauthorized access to confidential service data across processes, potentially exposing sensitive information without altering or disrupting system operations.
Huawei's consumer support bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ provides details on affected devices and recommended patches or mitigations to address the issue. Security practitioners should review the advisory for version-specific updates and apply them promptly to vulnerable UIExtension implementations.
Details
- CWE(s)