Login Sign Up

CVE-2023-46760

7.5 HIGH

📋 TL;DR

This CVE describes an out-of-bounds write vulnerability in a kernel driver module that could allow attackers to cause process exceptions or potentially execute arbitrary code. It affects Huawei devices running HarmonyOS. Successful exploitation requires local access to the vulnerable system.

💻 Affected Systems

Products:
  • Huawei devices with HarmonyOS
Versions: Specific HarmonyOS versions as detailed in Huawei security bulletins
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects kernel driver modules in Huawei devices. Exact device models and versions should be verified against Huawei's security bulletins.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise, arbitrary code execution with kernel privileges, or system crashes causing denial of service.

🟠

Likely Case

Process crashes leading to denial of service, potential information disclosure, or limited privilege escalation within the affected process context.

🟢

If Mitigated

Minimal impact with proper access controls, process isolation, and security hardening in place.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring access to the system, not directly exploitable over the network.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this vulnerability to escalate privileges or cause system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel driver internals. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: As specified in Huawei security bulletins for November 2023

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2023/11/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletins for affected devices. 2. Apply the latest security updates via device settings. 3. Reboot the device after update installation.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and remote local access to vulnerable devices

Disable unnecessary kernel modules

linux

If possible, disable or blacklist the affected kernel driver module

modprobe -r <affected_module>
echo 'blacklist <affected_module>' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access the device locally
  • Monitor system logs for unusual process crashes or kernel panic events

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in device settings and compare against Huawei's security bulletins

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify the device has received and installed the November 2023 security updates

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Process crash dumps
  • Unexpected system reboots
  • Driver module loading errors

Network Indicators:

  • No direct network indicators - this is a local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "oops" OR "segfault") AND process="kernel_module"

📊 Metadata

CVE ID: CVE-2023-46760
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
Published: November 8, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-46760, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)