CVE-2020-1804

7.1 HIGH

📋 TL;DR

This vulnerability in Huawei Honor V10 smartphones allows an out-of-bounds read in a driver program because of insufficient parameter validation. Successful exploitation could lead to information disclosure or service disruption. It affects only Huawei Honor V10 smartphones running versions earlier than 10.0.0.156(C00E156R2P4).

💻 Affected Systems

Products:
  • Huawei Honor V10 smartphone
Versions: Versions earlier than 10.0.0.156(C00E156R2P4)
Operating Systems: Android-based Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: This is one of three related out-of-bounds vulnerabilities (CVE-2020-1804, CVE-2020-1805, CVE-2020-1806)

⚠️ Risk & Real-World Impact

🔴 Worst Case: Sensitive information disclosure from kernel memory leading to privilege escalation or complete device compromise
🟠 Likely Case: Information leakage causing privacy violations or application/service crashes
🟢 If Mitigated: Limited impact due to patch availability and device-specific nature

🌐 Internet-Facing: LOW - Requires local access to device, not remotely exploitable
🏢 Internal Only: MEDIUM - Physical or local access could lead to information disclosure

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to device and driver interaction; part of a trio of similar vulnerabilities

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.0.156(C00E156R2P4) or later

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en

Restart Required: Yes

Instructions:

1. Check current version in Settings > About phone > Software version.
2. If version is earlier than 10.0.0.156(C00E156R2P4), go to Settings > System & updates > Software update.
3. Download and install available updates.
4. Restart device after update completes.

🔧 Temporary Workarounds

Restrict physical access (all): Limit physical access to vulnerable devices to prevent local exploitation

Disable unnecessary drivers (android): Disable or restrict access to the vulnerable driver if possible (requires root access)

🧯 If You Can't Patch

  • Isolate vulnerable devices from sensitive networks and data
  • Implement strict physical security controls and device usage policies

🔍 How to Verify

Check if Vulnerable:

Navigate to Settings > About phone > Software version and check if version is earlier than 10.0.0.156(C00E156R2P4)

Check Version:

adb shell getprop ro.build.version.incremental

Verify Fix Applied:

After update, verify version is 10.0.0.156(C00E156R2P4) or later in Settings > About phone > Software version

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Driver crash reports
  • Memory access violation logs

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

Device logs showing kernel or driver crashes on Huawei Honor V10 devices
