Description
Out-of-bounds write vulnerability in the kernel module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Published: 2026-04-13
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability and Confidentiality
Action: Apply Patch
AI Analysis

Impact

An out-of-bounds write in a kernel module allows an attacker to corrupt memory, which can undermine system stability and potentially expose sensitive data. This flaw can lead to denial of service by crashing the kernel and may also compromise the confidentiality of stored data depending on the memory contents overwritten. The root cause is a failure to validate array bounds (CWE‑20).

Affected Systems

Systems running Huawei EMUI or HarmonyOS are susceptible to this flaw. The vulnerability applies to all releases that include the affected kernel module; specific affected versions are not listed by the CNA, so any installation of these operating systems may be at risk until a vendor update is applied.

Risk and Exploitability

The CVSS base score of 5.7 indicates moderate risk. No EPSS data is available, and the issue is not catalogued in the CISA KEV list, suggesting that active exploitation evidence is lacking. The likely attack vector is local or requires elevated privileges to load or trigger the vulnerable module, so an attacker with local access or the ability to inject code into the kernel could exploit this weakness. Until a patch is released, the best mitigation is to apply the vendor-provided update or restrict kernel module usage.

Generated by OpenCVE AI on April 13, 2026 at 06:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the update or patch provided by Huawei for EMUI and HarmonyOS.
  • If a patch is not yet available, restrict the loading of the vulnerable kernel module or disable the affected functionality.
  • Monitor system logs for kernel crashes or signs of memory corruption and keep the system in a stable configuration.

Generated by OpenCVE AI on April 13, 2026 at 06:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Kernel Module Out‑Bounds Write Leading to Availability and Confidentiality Issues

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Mon, 13 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T15:00:46.304Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34855

cve-icon Vulnrichment

Updated: 2026-04-13T15:00:42.386Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-13T05:16:03.360

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-34855

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:20Z

Weaknesses