CVE-2023-52954

4.4 MEDIUM

📋 TL;DR

This vulnerability involves improper permission control in the Gallery module, allowing unauthorized access to gallery functions. Successful exploitation could affect system availability. This affects Huawei device users with vulnerable Gallery app versions.

💻 Affected Systems

Products:
  • Huawei Gallery app
Versions: Specific versions not detailed in reference; check Huawei advisory for exact affected versions
Operating Systems: HarmonyOS, Android-based Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei smartphones and tablets with vulnerable Gallery app versions. Exact device models not specified.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for Gallery functionality, potentially affecting device stability if Gallery is system-critical.

🟠 Likely Case

Temporary disruption of Gallery app functionality, preventing access to photos and media.

🟢 If Mitigated

Minimal impact with proper app sandboxing and permission controls in place.

🌐 Internet-Facing: LOW - Gallery module typically doesn't have direct internet exposure.
🏢 Internal Only: MEDIUM - Local app permission issues could affect device usability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to device and knowledge of specific Gallery permission bypass methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/1/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update.
2. Install available security updates.
3. Update the Gallery app from Huawei AppGallery if a separate update is available.
4. Restart the device after the update.

🔧 Temporary Workarounds

Disable Gallery app

Temporarily disable the Gallery app to prevent exploitation:

Settings > Apps > Gallery > Disable

Use alternative gallery app

Install and use a third-party gallery application.

🧯 If You Can't Patch

  • Restrict physical access to device
  • Implement strict app permission controls and review all app permissions regularly

🔍 How to Verify

Check if Vulnerable:

Check Gallery app version in Settings > Apps > Gallery > App info. Compare with Huawei security bulletin.

Check Version:

Settings > About phone > Build number (for system) and Settings > Apps > Gallery > App info (for app version)

Verify Fix Applied:

Verify system and Gallery app versions are updated to patched versions specified in Huawei advisory.

📡 Detection & Monitoring

Log Indicators:

  • Gallery app crash logs
  • Permission denial errors in system logs
  • Unexpected Gallery process termination

Network Indicators:

  • None - local vulnerability

SIEM Query:

Not applicable for local app vulnerability
