Description
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-03-05
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability Degradation
Action: Apply Patch
AI Analysis

Impact

A race condition exists in Huawei HarmonyOS’s device security management module. When multiple processes access shared resources without proper synchronization, the module may enter an inconsistent state, potentially causing it to hang or become unresponsive. Successful exploitation of this flaw can result in a denial‑of‑service condition for device security services, thereby affecting overall system availability. The underlying weakness is identified as CWE‑362.

Affected Systems

Huawei HarmonyOS versions 5.1.0 and 6.0.0 are affected by the race condition in their device security management module.

Risk and Exploitability

The CVSS base score of 4.7 places this vulnerability in the medium severity range, indicating that it can disrupt service availability but is not catastrophic. An EPSS score of less than one percent indicates the likelihood of exploitation in the immediate future is low, and the vulnerability is not listed in the CISA KEV catalog. Because the vulnerability description does not specify a remote vector, it is inferred that the attack likely requires local or privileged access to the device security management component. Overall, the risk is moderate, with low probability but potential for denial of service if local or privileged access is available.

Generated by OpenCVE AI on April 16, 2026 at 12:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest HarmonyOS firmware update from Huawei’s official support site, which contains the fix for the race condition.
  • As a temporary measure, limit or disable local privileged access to the device security management component until the update can be applied.
  • Continuously monitor system logs for indications of device security module hangs or irregularities, and respond promptly to any anomalies.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Race Condition in HarmonyOS Device Security Management Leads to Availability Impact |

Thu, 05 Mar 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Huawei, Huawei harmonyos |
| CPEs | | cpe:2.3:o:huawei:harmonyos:5.1.0:\*:\*:\*:\*:\*:\*:\*, cpe:2.3:o:huawei:harmonyos:6.0.0:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Huawei, Huawei harmonyos |

Thu, 05 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 05 Mar 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Weaknesses | | CWE-362 |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H'} |


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T14:51:45.870Z

Reserved: 2026-02-28T03:58:12.089Z

Link: CVE-2026-28551

Vulnrichment

Updated: 2026-03-05T14:51:39.610Z

NVD

Status: Analyzed

Published: 2026-03-05T09:16:11.897

Modified: 2026-03-05T21:43:03.713

Link: CVE-2026-28551

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:30:06Z

Weaknesses