CVE-2024-57961

Medium

Published: 06 February 2025

Published

06 February 2025

Modified

17 March 2025

KEV Added

—

Patch

—

CVSS Score 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

EPSS Score 0.0006 17.9th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Security Summary

CVE-2024-57961 is an out-of-bounds write vulnerability (CWE-787) in the emcom module. It was published on 2025-02-06 and carries a CVSS v3.1 base score of 6.8 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L), rated as medium severity. The vulnerability affects Huawei consumer products, as detailed in the vendor's security bulletin.

A local attacker requires no privileges, low attack complexity, and no user interaction to exploit this vulnerability. Successful exploitation can result in high confidentiality impact, potentially allowing unauthorized access to sensitive data, alongside low availability impact that may cause affected features to perform abnormally.

Huawei's security advisory provides details on mitigation; practitioners should consult the bulletin at https://consumer.huawei.com/en/support/bulletin/2025/2/ for patches and remediation guidance.

Details

CWE(s): CWE-787

Affected Products

huawei

emui

13.0.0

huawei

harmonyos

3.0.0, 4.2.0

References

https://consumer.huawei.com/en/support/bulletin/2025/2/
Vendor Advisory · psirt@huawei.com