OpenCVE

Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Huawei	Emui Harmonyos

Configuration 1 [-]

OR	cpe:2.3:o:huawei:emui:14.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:4.2.0:::::::*

No data.

References

Link	Providers
https://consumer.huawei.com/en/support/bulletin/2024/9/
https://https://consumer.huawei.com/en/support/bulletin/2024/9/

History

Fri, 06 Sep 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Huawei Huawei emui Huawei harmonyos
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:huawei:emui:14.0.0:::::::* cpe:2.3:o:huawei:harmonyos:4.0.0:::::::* cpe:2.3:o:huawei:harmonyos:4.2.0:::::::*
Vendors & Products		Huawei Huawei emui Huawei harmonyos
References		https://consumer.huawei.com/en/support/bulletin/2024/9/

Wed, 04 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 04 Sep 2024 02:45:00 +0000

Type	Values Removed	Values Added
Description		Memory request vulnerability in the memory management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses		CWE-701
References		https://https://consumer.huawei.com/en/support/bulletin/2024/9/
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2024-09-04T02:22:15.826Z

Updated: 2024-09-04T13:07:09.553Z

Reserved: 2024-08-29T06:20:19.754Z

Link: CVE-2024-8298

Vulnrichment

Updated: 2024-09-04T13:07:04.940Z

NVD

Status : Analyzed

Published: 2024-09-04T03:15:05.047

Modified: 2024-09-06T14:53:06.890

Link: CVE-2024-8298

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8298", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2024-08-29T06:20:19.754Z", "datePublished": "2024-09-04T02:22:15.826Z", "dateUpdated": "2024-09-04T13:07:09.553Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}]}, {"defaultStatus": "unaffected", "product": "EMUI", "vendor": "Huawei", "versions": [{"status": "affected", "version": "14.0.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Memory request vulnerability in the memory management module<br>Impact: Successful exploitation of this vulnerability may affect service confidentiality."}], "value": "Memory request vulnerability in the memory management module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-701", "description": "CWE-701 Weaknesses Introduced During Design", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-09-04T02:22:15.826Z"}, "references": [{"url": "https://https://consumer.huawei.com/en/support/bulletin/2024/9/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T13:06:53.827509Z", "id": "CVE-2024-8298", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T13:07:09.553Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8298", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T13:06:53.827509Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T13:07:04.940Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://https://consumer.huawei.com/en/support/bulletin/2024/9/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Memory request vulnerability in the memory management module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Memory request vulnerability in the memory management module<br>Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-701", "description": "CWE-701 Weaknesses Introduced During Design"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-09-04T02:22:15.826Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8298", "state": "PUBLISHED", "dateUpdated": "2024-09-04T13:07:09.553Z", "dateReserved": "2024-08-29T06:20:19.754Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2024-09-04T02:22:15.826Z", "assignerShortName": "huawei"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory request vulnerability in the memory management module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."}, {"lang": "es", "value": "Vulnerabilidad de solicitud de memoria en el m\u00f3dulo de gesti\u00f3n de memoria Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."}], "id": "CVE-2024-8298", "lastModified": "2024-09-06T14:53:06.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@huawei.com", "type": "Secondary"}]}, "published": "2024-09-04T03:15:05.047", "references": [{"source": "nvd@nist.gov", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2024/9/"}, {"source": "psirt@huawei.com", "tags": ["Broken Link"], "url": "https://https://consumer.huawei.com/en/support/bulletin/2024/9/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-701"}], "source": "psirt@huawei.com", "type": "Secondary"}]}