CVE-2024-36502

7.9 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in Huawei audio modules could allow attackers to cause denial of service conditions. This affects Huawei consumer devices with vulnerable audio components. The vulnerability impacts availability but not confidentiality or integrity.

💻 Affected Systems

Products:
  • Huawei consumer devices with vulnerable audio modules
Versions: Specific versions not detailed in provided references
Operating Systems: HarmonyOS, Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the specific vulnerable audio module implementation

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or audio service failure requiring device restart

🟠 Likely Case: Audio functionality disruption or application crashes affecting media playback

🟢 If Mitigated: Limited impact with proper input validation and memory protections

🌐 Internet-Facing: LOW - Requires local access or specific conditions for exploitation
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with device access

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires specific conditions to trigger the out-of-bounds read

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Huawei security bulletins for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/6/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletin for affected devices
2. Apply latest security updates via device settings
3. Reboot device after update completion

🔧 Temporary Workarounds

  • Disable unnecessary audio services (all): Reduce attack surface by disabling unused audio features
  • Application sandboxing (all): Restrict third-party app permissions to audio services

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Implement strict application whitelisting policies

🔍 How to Verify

Check if Vulnerable:

Check device model and software version against Huawei security bulletins

Check Version:

Settings > About phone > Software information

Verify Fix Applied:

Verify software version matches patched versions in Huawei advisories

📡 Detection & Monitoring

Log Indicators:

  • Audio service crashes
  • Memory access violation logs
  • Unexpected audio module restarts

Network Indicators:

  • None - local vulnerability

SIEM Query:

Event logs containing audio service failures or memory access errors
