Description
Address read vulnerability in the HDC module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Published: 2026-02-06
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure and Service Disruption
Action: Apply Patch
AI Analysis

Impact

A buffer overread flaw exists in the HarmonyOS HDC module, which can enable an attacker to read adjacent memory. Successful exploitation may expose private data and cause application instability or system crashes, leading to loss of confidentiality and availability.

Affected Systems

The vulnerability affects Huawei HarmonyOS operating systems, specifically the 6.0.0 build found on phones, tablets, laptops, and wearable devices as listed by Huawei’s consumer support bulletins for February 2026.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity, while the EPSS score of less than 1% points to a low likelihood of widespread exploitation. The vulnerability is not listed in the KEV catalog, and no official workaround is available. Based on the description, the attack vector is likely local to the device, requiring interaction with the HDC module. The combination of moderate CVSS and very low EPSS suggests that while the potential impact is significant, the probability of real-world exploitation remains minimal at present.

Generated by OpenCVE AI on April 17, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the security update released in the February 2026 Huawei consumer bulletins that patches the HDC module in HarmonyOS 6.0.0.
  • Upgrade to the latest HarmonyOS release (such as 6.1.0 or newer) once it is available through official channels.
  • Limit or disable the use of the HDC component by configuring app permissions or device policies until the patch is applied, reducing the attack surface relevant to CWE‑125.


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Address Read Vulnerability in HarmonyOS HDC Module Leading to Information Disclosure and Potential Downtime |

Tue, 10 Feb 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:* |

Mon, 09 Feb 2026 11:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Huawei; Huawei harmonyos |
| Vendors & Products | | Huawei; Huawei harmonyos |

Fri, 06 Feb 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Fri, 06 Feb 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| Weaknesses | | CWE-125 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H'} |

MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-02-06T16:53:12.075Z

Reserved: 2026-01-28T06:05:05.257Z

Link: CVE-2026-24921

Vulnrichment

Updated: 2026-02-06T16:53:04.167Z

NVD

Status: Analyzed

Published: 2026-02-06T09:15:50.583

Modified: 2026-02-10T18:06:28.350

Link: CVE-2026-24921

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T23:00:12Z

Weaknesses