Description
UAF vulnerability in the screen management module.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 2.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: Availability Disruption
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a use‑after‑free in the screen management module of HarmonyOS. Improper handling of memory during screen transitions can corrupt the heap, triggering a crash that results in a loss of screen functionality. The impact is primarily an availability problem: affected devices can become unresponsive or must be rebooted to restore normal operation. This defect is classified as a race‑condition weakness (CWE‑362).

Affected Systems

The affected systems are Huawei HarmonyOS versions 5.1.0 and 6.0.0, as identified by the corresponding CPE entries. Any device running these OS releases without the vendor‑provided patch is susceptible to the defect. The issue is confined to the operating system and does not affect hardware components.

Risk and Exploitability

Risk assessment shows a CVSS score of 2.5, indicating a low overall severity. The EPSS score is below 1 %, suggesting a very low probability of exploitation in the wild, and the vulnerability is not listed in CISA’s KEV catalog. Although no public exploit has been reported, the likely attack vector would involve triggering the UAF condition through malicious or malformed screen operations, possibly requiring local access or privileged interaction. Because the damage is limited to availability, the risk to confidentiality or integrity is none; nevertheless, applying the vendor‑issued patch remains the safest approach.

Generated by OpenCVE AI on April 14, 2026 at 17:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Inspect Huawei’s security bulletin at https://consumer.huawei.com/en/support/bulletin/2026/4/ and download the official update for HarmonyOS 5.1.0 and 6.0.0.
  • Install the OTA or firmware upgrade on all devices running the vulnerable OS versions.
  • If the update is not yet released, disable or limit use of screen management features to prevent triggering the defect.
  • Continuously monitor device logs for unexpected restarts or crashes and isolate affected units until the patch is applied.

Generated by OpenCVE AI on April 14, 2026 at 17:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in HarmonyOS Screen Management Causing Availability Disruption

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*

Mon, 13 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in HarmonyOS Screen Management Causing Availability Disruption

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T15:01:23.630Z

Reserved: 2026-03-31T01:11:13.700Z

Link: CVE-2026-34849

cve-icon Vulnrichment

Updated: 2026-04-13T15:01:19.116Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T05:16:03.057

Modified: 2026-04-14T16:34:28.660

Link: CVE-2026-34849

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses