Description
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-03-05
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability (Denial of Service)
Action: Patch Immediately
AI Analysis

Impact

A flaw in the HarmonyOS scanning module allows an attacker to trigger an uninitialized pointer access, which can lead to memory corruption and crash the device. The vulnerability is classified as CWE-824 (Access of Uninitialized Pointer): the code reads or writes through a pointer that was never given a valid value. This threatens the system's availability by potentially causing a denial of service. The CVE description explicitly states that successful exploitation may affect availability.

Affected Systems

The affected product is Huawei’s HarmonyOS operating system, specifically version 6.0.0 as indicated by the CPE string. No additional affected releases are listed, so it is prudent to assume that later HarmonyOS iterations could also be vulnerable if they incorporate the same scanning module code without rectification.

Risk and Exploitability

The CVSS score of 6.8 reflects moderate severity. The EPSS score under 1% indicates a very low probability that the vulnerability will be actively exploited in the wild. The vulnerability is not listed in the CISA KEV catalog, further suggesting limited real-world exploitation. The CVSS vector (AV:L/AC:L/PR:N/UI:N) gives a local attack vector: an attacker would need to invoke the scanning module from a local process, with no privileges or user interaction required, to trigger the uninitialized pointer access. There is no evidence in the data of a remote exploitation path. The main impact is a crash or reboot that impairs availability (A:H). The vector also rates confidentiality impact as low (C:L) and integrity impact as none (I:N), and there is no known privilege escalation.

Generated by OpenCVE AI on April 16, 2026 at 12:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HarmonyOS security bulletin that includes a fix for the scanning module.
  • Limit user privileges so that only trusted processes can invoke the scanning functionality.
  • Reboot the device after applying the update to ensure the new code is loaded.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Uninitialized Pointer Access in HarmonyOS Scanning Module Leading to Availability Impact |

Thu, 05 Mar 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Huawei; Huawei harmonyos |
| CPEs | | cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:* |
| Vendors & Products | | Huawei; Huawei harmonyos |

Thu, 05 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Thu, 05 Mar 2026 08:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Weaknesses | | CWE-824 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'} |

MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T15:40:27.836Z

Reserved: 2026-02-28T03:58:12.088Z

Link: CVE-2026-28547

Vulnrichment

Updated: 2026-03-05T15:28:50.327Z

NVD

Status: Analyzed

Published: 2026-03-05T09:16:11.400

Modified: 2026-03-05T21:44:41.953

Link: CVE-2026-28547

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:30:06Z

Weaknesses