CVE-2024-47294

4.4 MEDIUM

📋 TL;DR

This vulnerability in Huawei's input method framework allows attackers to bypass access permission checks, potentially disrupting system availability. It affects Huawei devices running specific EMUI versions. The impact is limited to availability rather than data compromise.

💻 Affected Systems

Products:
  • Huawei smartphones and tablets
Versions: EMUI 14.0.0.300 and earlier versions
Operating Systems: Android-based EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Huawei devices with EMUI; other Android devices are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could cause denial of service by crashing the input method service, making the device temporarily unusable for text input.

🟠 Likely Case

Local applications could trigger the vulnerability to disrupt input functionality, requiring a device restart to restore normal operation.

🟢 If Mitigated

With proper application sandboxing and least privilege principles, the impact would be limited to the affected application's context.

🌐 Internet-Facing: LOW - This appears to be a local vulnerability requiring access to the device.
🏢 Internal Only: MEDIUM - Malicious local applications could exploit this to disrupt device usability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local application access and knowledge of the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: EMUI 14.0.0.301 and later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/10/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update.
2. Download and install the latest EMUI update.
3. Restart the device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary input methods

all

Reduce attack surface by disabling unused input method services

Settings > System & updates > Languages & input > Virtual keyboard > Manage keyboards

Restrict app permissions

all

Review and restrict input method permissions for suspicious applications

Settings > Apps > [App Name] > Permissions

🧯 If You Can't Patch

  • Monitor for abnormal input method crashes or system instability
  • Implement application allowlisting to prevent unauthorized apps from running

🔍 How to Verify

Check if Vulnerable:

Check the EMUI version in Settings > About phone > EMUI version. If the version is 14.0.0.300 or earlier, the device is vulnerable.

Check Version:

Settings > About phone > EMUI version

Verify Fix Applied:

Verify EMUI version is 14.0.0.301 or later after applying the update.
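
For a fleet rather than a single handset, the same version check can be run over an inventory export. The script below is an added example, not vendor tooling: the device labels, the inventory layout and the parenthesised build suffix are constructed assumptions, and only the 14.0.0.301 threshold comes from this advisory. It compares versions numerically, since a plain string comparison would misorder a value such as 14.0.0.1200.

```python
import re

FIXED = (14, 0, 0, 301)  # first patched EMUI version, per the advisory above

# Constructed sample inventory: (device label, reported EMUI version string).
# The build suffix in parentheses is an assumed format, not taken from this page.
SAMPLE_INVENTORY = [
    ("tablet-01", "14.0.0.300"),
    ("phone-02", "14.0.0.301"),
    ("phone-03", "EMUI 13.1.0.210(C00E200R1P1)"),
    ("phone-04", "14.0.0.1200"),
    ("phone-05", "unknown"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_emui(text):
    """Return the four-part version as a tuple of ints, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """'vulnerable' below FIXED, 'patched' at or above it, 'unknown' if unparsable."""
    version = parse_emui(text)
    if version is None:
        return "unknown"
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory):
    """Group device labels by status; 'unknown' entries need a manual check."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for device, version in inventory:
        result[classify(version)].append(device)
    return result


if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

Devices that land in `unknown` should be checked by hand in Settings > About phone rather than assumed patched.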

📡 Detection & Monitoring

Log Indicators:

  • InputMethodService crashes
  • Permission denial logs related to input framework

Network Indicators:

  • No network indicators - this is a local vulnerability

SIEM Query:

No applicable network SIEM query - monitor device logs for input service crashes
