CVE-2024-51529
Improper Input Validation (CWE-20)
Summary
Data verification vulnerability in the battery module. Successful exploitation of this vulnerability may affect function stability.
Impact
This vulnerability could lead to high availability impact. Successful exploitation may result in function instability, potentially causing disruptions to the battery module's operations. Given the local attack vector and low privileges required, an attacker with local access and low-level permissions could potentially exploit this vulnerability to cause system instability or crashes related to battery functionality.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
A patch is available. Huawei has released a security bulletin addressing this vulnerability on November 7, 2024.
Mitigation
1. Apply the patch provided by Huawei as soon as possible. 2. Ensure that only trusted users have local access to affected systems. 3. Monitor for any unusual activity or instability in battery-related functions. 4. Update affected Huawei products to the latest versions, including EMUI (versions 12.0.0, 13.0.0, 14.0.0) and HarmonyOS (versions 2.0.0, 2.1.0, 3.0.0, 3.1.0, 4.0.0, 4.2.0). 5. Implement the principle of least privilege to minimize the potential impact of this vulnerability.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Timeline
Feedly found the first article mentioning CVE-2024-51529. See article
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2024-51529
A CVSS base score of 5.5 has been assigned.
EPSS Score was set to: 0.04% (Percentile: 10%)