CVE-2024-57959

6.1 MEDIUM

📋 TL;DR

A use-after-free vulnerability in the display module lets an attacker trigger memory corruption by accessing memory after it has been freed. This could lead to abnormal feature behavior, crashes, or potentially code execution. Affects Huawei products with vulnerable display modules.

💻 Affected Systems

Products:
  • Huawei devices with vulnerable display modules
Versions: Specific versions not detailed in reference; check Huawei advisory for affected versions.
Operating Systems: Android-based Huawei systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei consumer devices; enterprise systems may have different configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise or persistent malware installation.

🟠 Likely Case: Application crashes, denial of service, or abnormal display behavior causing system instability.

🟢 If Mitigated: Limited to application crashes with proper memory protections and exploit mitigations enabled.

🌐 Internet-Facing: MEDIUM - Requires specific conditions but could be exploited if vulnerable service is exposed.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Use-After-Free vulnerabilities typically require specific timing and memory manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/2/

Restart Required: Yes

Instructions:

1. Check Huawei security bulletin for affected devices.
2. Apply latest security updates via Settings > System & updates > Software update.
3. Reboot device after update completes.

🔧 Temporary Workarounds

Disable unnecessary display features (Android): reduce attack surface by disabling non-essential display modules and animations.

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check device model and software version against Huawei security bulletin

Check Version:

Settings > About phone > Build number

Verify Fix Applied:

Verify software version matches patched version in Huawei advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in display services
  • Memory access violation errors

Network Indicators:

  • Unusual outbound connections from display processes

SIEM Query:

process_name:"display" AND (event_type:"crash" OR memory_violation:"true")
