CVE-2023-52383

4.7 MEDIUM

📋 TL;DR

A double-free vulnerability in the RSMC module of Huawei devices running HarmonyOS allows attackers to cause a denial of service by freeing the same memory location twice. It affects the availability of Huawei smartphones and tablets. Exploitation requires local access.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
Versions: HarmonyOS versions before the May 2024 security updates
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with RSMC module enabled (typically enabled by default).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or device reboot, rendering the device temporarily unusable until restart.

🟠 Likely Case: Application crash or system instability affecting specific functions of the RSMC module.

🟢 If Mitigated: Minimal impact with proper access controls and isolation preventing local attackers from reaching vulnerable code.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely accessible.
🏢 Internal Only: MEDIUM - Local attackers or malicious apps could trigger the vulnerability to cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger specific RSMC module operations. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2024 security updates for HarmonyOS

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/5/

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings.
2. Install the May 2024 security update.
3. Restart device after installation completes.

🔧 Temporary Workarounds

Restrict local application permissions

all

Limit which applications have system-level access to reduce attack surface

🧯 If You Can't Patch

  • Implement strict application vetting and installation controls
  • Monitor for abnormal system crashes or RSMC module failures

🔍 How to Verify

Check if Vulnerable:

Check the HarmonyOS version in Settings > About phone > HarmonyOS version. If it predates the May 2024 security update, the device is vulnerable.

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify that Settings > About phone > HarmonyOS version shows the May 2024 security update as installed.

📡 Detection & Monitoring

Log Indicators:

  • RSMC module crash logs
  • System stability reports showing memory corruption

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

Search for RSMC module crash events or memory corruption errors in system logs
