CVE-2026-24927

5.5 MEDIUM

📋 TL;DR

This CVE describes an out-of-bounds access vulnerability in a frequency modulation module that could allow attackers to cause a denial of service. The vulnerability affects the availability of systems using the vulnerable component. Users of Huawei devices running affected software versions are potentially impacted.

💻 Affected Systems

Products:
  • Huawei devices with frequency modulation modules
Versions: Specific versions not detailed in provided reference
Operating Systems: Huawei HarmonyOS, Android-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: Check Huawei advisory for specific affected products and versions

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or persistent denial of service requiring physical intervention to restore functionality

🟠 Likely Case

Temporary service disruption or system instability requiring reboot

🟢 If Mitigated

Minimal impact with proper access controls and monitoring in place

🌐 Internet-Facing: MEDIUM - Could be exploited if vulnerable service is exposed, but requires specific conditions
🏢 Internal Only: LOW - Requires local access or network positioning to exploit

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

CWE-416 (Use After Free) typically requires specific conditions to trigger

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Huawei security bulletin for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2026/2/

Restart Required: Yes

Instructions:

1. Check Huawei security advisory for affected products
2. Apply security updates through official channels
3. Reboot device after update installation

🔧 Temporary Workarounds

Disable affected module

all

If frequency modulation functionality is not required, disable the vulnerable module

# Module-specific disable command would depend on exact Huawei device

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to affected systems
  • Deploy monitoring for abnormal system behavior or crash events

🔍 How to Verify

Check if Vulnerable:

Check device software version against Huawei security bulletin

Check Version:

# On Huawei devices: Settings > System > About phone > Software version

Verify Fix Applied:

Verify software version has been updated to patched version

📡 Detection & Monitoring

Log Indicators:

  • System crash logs
  • Kernel panic messages
  • Module failure events

Network Indicators:

  • Unusual traffic patterns to frequency control services

SIEM Query:

event_type:crash AND module:frequency_modulation
