CVE-2024-54106

7.1 HIGH

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in Huawei's image decoding module that can cause denial of service. Attackers can crash affected systems by sending specially crafted image files. This affects Huawei consumer devices running vulnerable software versions.

💻 Affected Systems

Products:
  • Huawei consumer devices with image processing capabilities
Versions: Specific versions not detailed in provided reference; check Huawei advisory for exact ranges
Operating Systems: HarmonyOS, Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default image decoding functionality; any application using affected module is vulnerable

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash requiring reboot, potentially disrupting critical services or device functionality

🟠 Likely Case: Application crash or service disruption when processing malicious image files

🟢 If Mitigated: Application gracefully handles the error with minimal disruption

🌐 Internet-Facing: MEDIUM - Requires attacker to deliver malicious image file, but many services accept image uploads
🏢 Internal Only: LOW - Requires user interaction or specific image processing scenarios

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires delivering malicious image file; no authentication needed to trigger vulnerability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/12/

Restart Required: Yes

Instructions:

1. Check Huawei security advisory for affected devices.
2. Apply latest security updates via device settings.
3. Reboot device after update installation.

🔧 Temporary Workarounds

  • Disable automatic image processing (all): Prevent automatic decoding of untrusted image files
  • Use trusted image sources only (all): Restrict image processing to files from verified sources

🧯 If You Can't Patch

  • Implement network filtering to block suspicious image files
  • Monitor for application crashes related to image processing

🔍 How to Verify

Check if Vulnerable:

Check device software version against Huawei's affected version list in advisory

Check Version:

Settings > About phone > Software information (varies by device)

Verify Fix Applied:

Verify software version matches or exceeds patched version specified in Huawei advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes during image processing
  • Null pointer exception logs in system logs

Network Indicators:

  • Unusual image file transfers to vulnerable systems

SIEM Query:

Application:ImageDecoder AND (Event:Crash OR Exception:NullPointer)
