CVE-2024-56448

CVE-2024-56448 is a vulnerability involving improper access control in the home screen widget module of Huawei consumer devices. This flaw, published on January 8, 2025, is classified under CWE-94 (Code Injection) and NVD-CWE-Other, with a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). Successful exploitation may primarily affect system availability, though the high-impact vector also enables significant confidentiality and integrity compromises.

Exploitation requires local access to the device and high privileges (PR:H), with low attack complexity and no user interaction needed. A privileged local attacker could leverage this improper access control in the home screen widget module to execute arbitrary code or manipulate system resources, potentially leading to high confidentiality loss (e.g., data exposure), integrity violations (e.g., data tampering), and availability disruption (e.g., denial of service).

Huawei's security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ provides details on affected devices and recommends applying the available patches or updates to mitigate the vulnerability. Security practitioners should verify device firmware versions against the advisory and enforce privilege restrictions to limit exposure.