CVE-2020-9147

7.8 HIGH

📋 TL;DR

CVE-2020-9147 is an out-of-bounds read vulnerability in the component interfaces of certain Huawei smartphones. A local attacker who can construct a specific triggering scenario can cause a read past the end of an allocated buffer, potentially exposing sensitive information from device memory. This affects Huawei smartphone users running vulnerable software versions.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific versions not detailed in provided references; check Huawei advisories for exact affected versions.
Operating Systems: Android-based Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in component interfaces; all default configurations with affected software versions are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure of sensitive data from device memory, potentially including authentication tokens, passwords, or personal information.

🟠 Likely Case

Local information disclosure allowing attackers to read adjacent memory contents, possibly leading to further exploitation.

🟢 If Mitigated

Limited impact with proper access controls and patched devices, preventing unauthorized local access.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or local access to the device.
🏢 Internal Only: MEDIUM - Malicious insiders or compromised accounts with local access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and careful construction of attack scenarios; no public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletins for specific patched versions

Vendor Advisory: https://consumer.huawei.com/cn/support/bulletin/2021/1

Restart Required: Yes

Instructions:

1. Check for security updates in device settings.
2. Install the latest security patch from Huawei.
3. Restart the device after the update.

🔧 Temporary Workarounds

Restrict local access (applies to: all)

Limit physical and local access to devices to reduce the attack surface.

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local access to devices
  • Monitor devices for unusual local activity or privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check device software version against Huawei security bulletins for affected versions

Check Version:

Settings > About phone > Build number/EMUI version

Verify Fix Applied:

Verify security patch level in device settings matches or exceeds patched version from Huawei advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual local process activity
  • Memory access violations in system logs

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for local memory read vulnerabilities
