CVE-2024-45448 – This vulnerability involves improper page table... (How to Fix)

Q: What is the severity of CVE-2024-45448?

CVE-2024-45448 has a CVSS score of 4.1 (MEDIUM). This vulnerability involves improper page table protection configuration in Huawei's trusted firmware module, potentially allowing unauthorized access to protected memory regions. It affects Huawei devices running vulnerable firmware versions. Successful exploitation could lead to information disclosure of sensitive data.

📋 TL;DR

This vulnerability involves improper page table protection configuration in Huawei's trusted firmware module, potentially allowing unauthorized access to protected memory regions. It affects Huawei devices running vulnerable firmware versions. Successful exploitation could lead to information disclosure of sensitive data.

💻 Affected Systems

Products:

Huawei devices with affected trusted firmware

Versions: Specific versions not detailed in provided references; check Huawei advisories for exact affected versions

Operating Systems: Huawei HarmonyOS, Android-based Huawei systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Huawei devices with vulnerable trusted firmware implementations; exact device models and firmware versions require checking Huawei's security bulletins.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could bypass memory protection mechanisms to read sensitive data from protected memory regions, potentially exposing cryptographic keys, authentication credentials, or other confidential information.

🟠

Likely Case

Information disclosure of system memory contents, potentially revealing sensitive data that should be protected by the trusted firmware module.

🟢

If Mitigated

With proper access controls and monitoring, the impact is limited to potential information disclosure rather than system compromise.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires local access and deep knowledge of firmware/hardware interactions; no public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletins for specific patched firmware versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/11/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletins for affected devices. 2. Apply firmware updates through official Huawei update channels. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Restrict physical and local access

all

Limit physical access to devices and implement strict local access controls to reduce attack surface

🧯 If You Can't Patch

Implement strict access controls to prevent unauthorized local access to affected devices
Monitor for unusual memory access patterns or firmware-related anomalies

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Huawei's security bulletins; no automated detection command available

Check Version:

Device-specific; typically in Settings > About Phone > Build Number or similar

Verify Fix Applied:

Verify firmware version has been updated to patched version listed in Huawei advisories

📡 Detection & Monitoring

Log Indicators:

Unusual firmware access patterns
Memory protection violation logs if available

Network Indicators:

Not network exploitable; primarily local access required

SIEM Query:

Not applicable for network detection; focus on local access monitoring and firmware integrity checks

📊 Metadata

CVE ID: CVE-2024-45448

CVSS v3 Score: 4.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-1259

Published: September 4, 2024

Last Updated: September 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45448, you might also want to check these: