CVE-2024-56440

Medium

Published: 08 January 2025

Published

08 January 2025

Modified

13 January 2025

KEV Added

—

Patch

—

CVSS Score 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0007 21.7th percentile

Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Description

Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Security Summary

CVE-2024-56440 is a permission control vulnerability (CWE-264, CWE-276) in the Connectivity module. Published on 2025-01-08, it carries a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating a medium-severity issue with high availability impact but no confidentiality or integrity effects. The vulnerability causes features to perform abnormally upon successful exploitation.

A local attacker requires no privileges or user interaction and faces low attack complexity to exploit this issue. Exploitation results in denial of service, disrupting normal operation of affected features in the Connectivity module.

The Huawei security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ provides details on mitigation and patches for affected consumer devices.

Details

CWE(s): CWE-264CWE-276

Affected Products

huawei

emui

13.0.0, 14.0.0

huawei

harmonyos

3.0.0, 3.1.0, 4.0.0, 4.2.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/
Vendor Advisory · psirt@huawei.com