{"api_version":"1","generated_at":"2026-04-23T10:17:57+00:00","cve":"CVE-2019-5228","urls":{"html":"https://cve.report/CVE-2019-5228","api":"https://cve.report/api/cve/CVE-2019-5228.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-5228","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-5228"},"summary":{"title":"CVE-2019-5228","description":"Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2019-11-12 23:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-362","CWE-787"],"metrics":[],"references":[{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en","name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Advisory - Race Condition Vulnerability on Several Smartphones","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-5228","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5228","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"5228","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"honor_v20","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"honor_v20","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"honor_v20_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"honor_v20_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"p30","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"p30","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"p30_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"p30_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"p30_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"p30_pro","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"p30_pro_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5228","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"p30_pro_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-5228","ASSIGNER":"psirt@huawei.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"P30, P30 Pro, Honor V20","version":{"version_data":[{"version_value":"Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3)"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Race Condition"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190911-01-smartphone-en"}]},"description":{"description_data":[{"lang":"eng","value":"Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution."}]}},"nvd":{"publishedDate":"2019-11-12 23:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-362","CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"elle-al00b_9.1.0.193\\(c00e190r1p21\\)","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:p30_pro_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"vogue-al00a_9.1.0.193\\(c00e190r1p12\\)","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:p30_pro:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:honor_v20_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"princeton-al10b_9.1.0.233\\(c00e233r4p3\\)","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:honor_v20:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"5228","Ordinal":"142844","Title":"CVE-2019-5228","CVE":"CVE-2019-5228","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"5228","Ordinal":"1","NoteData":"Certain detection module of P30, P30 Pro, Honor V20 smartphone whith Versions earlier than ELLE-AL00B 9.1.0.193(C00E190R1P21), Versions earlier than VOGUE-AL00A 9.1.0.193(C00E190R1P12), Versions earlier than Princeton-AL10B 9.1.0.233(C00E233R4P3) have a race condition vulnerability. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful exploit could cause malicious code execution.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"5228","Ordinal":"2","NoteData":"2019-11-12","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"5228","Ordinal":"3","NoteData":"2019-11-12","Type":"Other","Title":"Modified"}]}}}