Cyber Posture

CVE-2024-57958

Medium

Published: 06 February 2025

Modified: 17 March 2025
CVSS Score: 5.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L)
EPSS Score: 0.0005 (16.2th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Description

Out-of-bounds array read vulnerability in the FFRT module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Security Summary

CVE-2024-57958 is an out-of-bounds array read vulnerability (CWE-125) in the FFRT module. This flaw affects certain Huawei consumer products, as detailed in the vendor's security bulletin.

The vulnerability has a CVSS v3.1 base score of 5.7 (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L): the attack vector is local, attack complexity is low, and neither privileges nor user interaction are required. Successful exploitation may cause features to perform abnormally. The vector rates the confidentiality and availability impact as low, the integrity impact as none, and the scope as changed.

Huawei has published a security bulletin addressing this vulnerability at https://consumer.huawei.com/en/support/bulletin/2025/2/. Consult it for mitigation details and available patches.

Details

CWE(s): CWE-125

Affected Products

huawei emui: 14.0.0
huawei harmonyos: 4.0.0, 4.2.0, 4.3.0, 5.0.0
