Description
UAF vulnerability in the kernel module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Published: 2026-04-13
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability and confidentiality loss due to kernel module use‑after‑free
Action: Assess Impact
AI Analysis

Impact

A use‑after‑free flaw exists in a kernel module used by Huawei EMUI and HarmonyOS. The vulnerability allows memory corruption that can affect system availability and leak confidential data. The weakness is classified as CWE‑416, representing a classic use‑after‑free that undermines core kernel integrity.

Affected Systems

The flaw affects devices running Huawei EMUI and Huawei HarmonyOS. No specific affected versions are listed, so all releases of these operating systems that contain the vulnerable kernel module could be impacted.

Risk and Exploitability

The CVSS base score is 5.9, indicating moderate severity. EPSS data is unavailable and the flaw is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires local or privileged access to load or manipulate the kernel module, making remote exploitation unlikely. The risk is significant in environments where local users have privileged rights or where the module operates in a high‑privilege context.

Generated by OpenCVE AI on April 13, 2026 at 06:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Huaweis support bulletin for an official patch or update
  • Apply the patch or update as soon as it becomes available
  • If no patch exists, disable or unload the vulnerable kernel module
  • Restrict local access to privileged users and enforce least‑privilege policies
  • Monitor system logs for signs of memory corruption, crashes, or unexpected reboot events

Generated by OpenCVE AI on April 13, 2026 at 06:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Kernel Module Use‑After‑Free in Huawei EMUI and HarmonyOS Threatens Availability and Confidentiality

Mon, 13 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Mon, 13 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T13:27:45.919Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34859

cve-icon Vulnrichment

Updated: 2026-04-13T13:27:42.600Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-13T05:16:03.810

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-34859

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:17Z

Weaknesses