Double Free

CVE-2019-5282

Medium

6.8/10

Summary

Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution.

Access Complexity: MEDIUM
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-415 - Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References

Advisory Timeline

Published Nov 13, 2019

Double Free

CVE-2019-5282

Summary

CWE-415 - Double Free

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS