Description
Race condition vulnerability in the thermal management module.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability disruption (Denial of Service)
Action: Apply Patch
AI Analysis

Impact

This vulnerability is a race condition located in the HarmonyOS thermal management module. When concurrent requests to the module occur, the order in which the code executes is not guaranteed, which can corrupt internal state and lead to unintended termination of services or the system itself. The primary consequence is a lack of availability for the affected device or application, as the malfunction can cause crashes or forced restarts. The weakness is classified as CWE-362, indicating a race condition.

Affected Systems

Huawei HarmonyOS. No specific versions are listed in the advisory, so all devices running HarmonyOS that include the vulnerable thermal management component may be affected.

Risk and Exploitability

The CVSS base score of 6.3 indicates a moderate to high risk. No EPSS data is available, and the vulnerability is not currently present in the CISA KEV catalog. The attack vector is not explicitly documented; based on the description, it is inferred that the race condition could be triggered by concurrent operations initiated by an application or the system itself. If an attacker can invoke competing thermal management calls—either through a malicious app or by manipulating system processes—they may exploit the condition to destabilize the OS, impacting system availability. Because no exploit has been reported yet, the likelihood of active exploitation is unknown, but the potential impact warrants immediate attention.

Generated by OpenCVE AI on April 13, 2026 at 06:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Huawei support bulletins for updates or patches and apply them promptly
  • If a patch is unavailable, limit or isolate access to thermal management functions and monitor permissions for suspicious applications
  • Monitor device for abnormal thermal behavior or repeated crashes and consider disabling high‑temperature features if they are not critical

Generated by OpenCVE AI on April 13, 2026 at 06:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Race Condition in HarmonyOS Thermal Management Leading to Availability Issues

Mon, 13 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T13:27:24.106Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34861

cve-icon Vulnrichment

Updated: 2026-04-13T13:27:20.808Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-13T05:16:03.953

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-34861

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:15Z

Weaknesses