Description
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-03-05
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability disruption caused by out-of-bounds write in the IMS module
Action: Update Firmware
AI Analysis

Impact

A buffer overflow in the IMS module allows an attacker to write data beyond the intended memory boundaries, potentially disrupting system operation. The flaw is identified as an out-of-bounds write and is linked to integer overflow weaknesses. Successful exploitation may lead to service interruption or loss of system availability.

Affected Systems

Huawei EMUI versions 14.0.0, 14.2.0, and 15.0.0 and Huawei HarmonyOS versions 4.0.0, 4.2.0, 4.3.0, 4.3.1, 5.1.0, and 6.0.0 are affected. The vulnerability is present in the IMS module across all listed firmware builds, with no documented fix or patch in the provided data.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate severity level. The EPSS score of less than 1% suggests a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly stated, but the impact on availability implies that localized execution or interaction with vulnerable services could be sufficient to trigger the flaw, making it a concern for devices running the impacted operating systems.

Generated by OpenCVE AI on April 16, 2026 at 12:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update for EMUI or HarmonyOS once released by Huawei
  • If an update is unavailable, disable or restrict use of the IMS module or the services that rely on it to limit the exposure surface
  • Implement monitoring of system logs for abnormal behavior potentially linked to out-of-bounds writes and enforce least privilege for processes interacting with the IMS module

Generated by OpenCVE AI on April 16, 2026 at 12:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Title IMS Module Out‑of‑Bounds Write Causing Availability Disruption

Thu, 05 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Weaknesses CWE-787
CPEs cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:14.2.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:15.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.3.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Thu, 05 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 08:00:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-19
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T15:41:13.000Z

Reserved: 2026-02-28T03:58:12.089Z

Link: CVE-2026-28552

cve-icon Vulnrichment

Updated: 2026-03-05T15:29:07.402Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-05T08:15:59.793

Modified: 2026-03-05T21:41:19.967

Link: CVE-2026-28552

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T12:30:06Z

Weaknesses