CVE-2021-22303

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service.

CVSS v3 3.3 LOW
CVSS v2.0 4.3 MEDIUM

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-02-smartphone-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:taurus-al00a_firmware:10.0.0.1\(c00e1r1p1\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:taurus-al00a:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-02-06 01:15

Updated : 2024-02-28 18:08

NVD link : CVE-2021-22303

Mitre link : CVE-2021-22303

CVE.ORG link : CVE-2021-22303

JSON object : View

Products Affected

huawei

taurus-al00a_firmware
taurus-al00a

CWE

CWE-415

Double Free

{"id": "CVE-2021-22303", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2021-02-06T01:15:13.810", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210127-02-smartphone-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de doble liberaci\u00f3n de puntero en Taurus-AL00A versi\u00f3n 10.0.0.1(C00E1R1P1). Se presenta una falta de protecci\u00f3n entre m\u00faltiples subprocesos cuando es llamada una funci\u00f3n. Unos atacantes pueden explotar esta vulnerabilidad al llevar a cabo una operaci\u00f3n maliciosa para causar una doble liberaci\u00f3n de puntero. Esto puede causar un bloqueo del m\u00f3dulo, comprometiendo el servicio normal"}], "lastModified": "2021-02-10T22:48:50.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:taurus-al00a_firmware:10.0.0.1\\(c00e1r1p1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1110292D-92A1-4B57-BFE6-042389ED1C2B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:taurus-al00a:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "369D8168-4BFA-4003-A332-3E6876459623"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}