CVE-2024-54110

6.2 MEDIUM

📋 TL;DR

This CVE describes a cross-process screen stack vulnerability in Huawei's UIExtension module that could allow unauthorized access to screen content across application boundaries. Successful exploitation could lead to information disclosure of sensitive data displayed on screen. This affects Huawei devices running vulnerable versions of their software.

💻 Affected Systems

Products:
  • Huawei devices with UIExtension module
Versions: Specific versions not detailed in provided reference; check Huawei advisory for exact affected versions
Operating Systems: Huawei HarmonyOS/EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the UIExtension module which handles cross-process UI interactions. Exact device models and software versions need verification from Huawei's advisory.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could capture sensitive information displayed on screen including passwords, personal data, financial information, or confidential business data from any running application.

🟠

Likely Case

Information leakage of non-critical application data or partial screen content, potentially exposing user interface elements or application state.

🟢

If Mitigated

Limited impact with proper application sandboxing and process isolation controls in place, potentially preventing cross-application data access.

🌐 Internet-Facing: LOW - This appears to be a local vulnerability requiring access to the device, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Malicious apps or compromised processes on the device could exploit this to access data from other applications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious app installation. Cross-process vulnerabilities typically require specific conditions to trigger.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/12/

Restart Required: Yes

Instructions:

1. Check Huawei security advisory for affected versions.
2. Apply latest security updates via device settings.
3. Reboot device after update installation.

🔧 Temporary Workarounds

Restrict app permissions (applies to: all)

Review and restrict unnecessary app permissions, especially accessibility services and screen overlay permissions

Disable unnecessary UIExtension features (applies to: all)

Disable any unnecessary cross-application UI sharing features if configurable

🧯 If You Can't Patch

  • Isolate sensitive applications on separate user profiles or secure containers
  • Implement application allowlisting to prevent unauthorized app installations

🔍 How to Verify

Check if Vulnerable:

Check device software version against Huawei's security advisory for affected versions

Check Version:

Settings > About phone > Software information (exact path may vary by device)

Verify Fix Applied:

Verify software version has been updated to patched version listed in Huawei advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual cross-process UI access attempts
  • Abnormal UIExtension module activity

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable for typical mobile device deployments
