CVE-2021-22304
Summary
| CVE | CVE-2021-22304 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-02-06 03:15:00 UTC |
| Updated | 2021-02-10 22:55:00 UTC |
| Description | There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service. |
Risk And Classification
Problem Types: CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Huawei | Taurus-al00a | - | All | All | All |
| Hardware | Huawei | Taurus-al00a | - | All | All | All |
| Hardware | Huawei | Taurus-al00a | - | All | All | All |
| Operating System | Huawei | Taurus-al00a Firmware | 10.0.0.1\(c00e1r1p1\) | All | All | All |
| Operating System | Huawei | Taurus-al00a Firmware | 10.0.0.1\(c00e1r1p1\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory - Use After Free Vulnerability in Huawei Smartphone | CONFIRM | www.huawei.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.