CVE-2024-56444

High

Published: 08 January 2025

Published

08 January 2025

Modified

13 January 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0024 47.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Security Summary

CVE-2024-56444 is a cross-process screen stack vulnerability in the UIExtension module. Published on January 8, 2025, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-264 (Permissions, Privileges, and Access Controls). Successful exploitation may affect service confidentiality.

Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity. Exploitation enables high-impact confidentiality violations, such as unauthorized access to sensitive service data, while integrity and availability remain unaffected.

Huawei has published a security bulletin addressing this issue at https://consumer.huawei.com/en/support/bulletin/2025/1/, which likely details affected versions and mitigation steps.

Details

CWE(s): CWE-264NVD-CWE-noinfo

Affected Products

huawei

harmonyos

5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/
Vendor Advisory · psirt@huawei.com