CVE-2024-58114

4.0 MEDIUM

📋 TL;DR

This vulnerability in Huawei's ArkUI framework involves improper resource allocation control, potentially allowing attackers to cause denial-of-service conditions. It affects devices running Huawei's HarmonyOS with vulnerable ArkUI framework versions. The impact is primarily on availability rather than confidentiality or integrity.

💻 Affected Systems

Products:
  • Huawei devices with HarmonyOS
  • Devices using ArkUI framework
Versions: Specific versions not detailed in reference; check Huawei advisory for exact ranges
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the ArkUI framework component; affects devices where this framework is used

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system unavailability or application crashes affecting multiple services on the device
🟠 Likely Case: Application instability, temporary service disruption, or degraded performance for affected apps
🟢 If Mitigated: Minor performance impact or no noticeable effect with proper resource limits

🌐 Internet-Facing: LOW - Requires local access or app execution; not directly exploitable over network
🏢 Internal Only: MEDIUM - Malicious apps could exploit this to disrupt device functionality

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires malicious app installation or local access; the CVSS score of 4.0 suggests moderate complexity

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2025/6/

Restart Required: Yes

Instructions:

1. Check Huawei security advisory for affected versions
2. Apply latest HarmonyOS updates via Settings > System & updates > Software update
3. Restart device after update completes

🔧 Temporary Workarounds

Limit app permissions

all

Restrict unnecessary permissions for untrusted applications to reduce attack surface

Monitor resource usage

all

Use system monitoring tools to detect abnormal resource consumption patterns

🧯 If You Can't Patch

  • Isolate affected devices from critical networks
  • Implement application allowlisting to prevent untrusted app execution

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in Settings > About phone > HarmonyOS version and compare with Huawei advisory

Check Version:

Settings > About phone > HarmonyOS version (GUI only, no CLI)

Verify Fix Applied:

Verify HarmonyOS version matches or exceeds patched version listed in Huawei security bulletin

📡 Detection & Monitoring

Log Indicators:

  • Abnormal resource allocation patterns
  • Application crashes related to ArkUI framework
  • Memory exhaustion warnings

Network Indicators:

  • Not network exploitable; focus on local system monitoring

SIEM Query:

Not applicable - local system vulnerability
