Cyber Posture

CVE-2024-57959

Medium

Published: 06 February 2025

Modified: 17 March 2025
KEV Added:
Patch:
CVSS Score: 6.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)
EPSS Score: 0.0010 (27.2th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Description

Use-After-Free (UAF) vulnerability in the display module.
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Security Summary

CVE-2024-57959 is a Use-After-Free (UAF) vulnerability, classified under CWE-416, affecting the display module in Huawei consumer products. Published on 2025-02-06, it carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H), indicating medium severity with primary impacts on availability and limited integrity.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation may cause features to perform abnormally, potentially leading to high availability disruption such as denial of service on affected display functionalities, alongside low integrity effects.

Huawei has published a security bulletin detailing the issue at https://consumer.huawei.com/en/support/bulletin/2025/2/, which security practitioners should consult for patch information and mitigation guidance.

Details

CWE(s): CWE-416

Affected Products

huawei emui: 14.0.0
huawei harmonyos: 4.0.0, 4.2.0, 4.3.0, 5.0.0
