Description
Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-06-09
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write in the HarmonyOS Inter‑Process Communication (IPC) module can corrupt memory, potentially leading to crashes or unexpected device behavior. The vulnerability is classified as a heap corruption flaw (CWE‑122) and is reported to impact system availability by causing loss of service or functionality. No evidence of privilege escalation or data exposure is given, so the primary concern is the interruption of normal operation.

Affected Systems

The affected product is Huawei HarmonyOS. The advisory does not specify particular OS releases, implying that all HarmonyOS installations that include the IPC module are potentially vulnerable until a patch is applied or the IPC functionality is otherwise mitigated.

Risk and Exploitability

The CVSS base score of 5.3 indicates moderate severity. Because an EPSS score is unavailable and the vulnerability is not listed in CISA's KEV catalog, the exploitation likelihood is not quantifiable but is not considered negligible. The attack vector is not explicitly described, but the IPC context suggests that exploitation could involve use of inter‑process communication channels, which may be local, remote, or both. This inference is noted but is not confirmed by the source.

Generated by OpenCVE AI on June 9, 2026 at 08:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update that addresses the IPC out‑of‑bounds write, as outlined in Huawei’s support bulletins.
  • If no immediate patch is available, restrict or disable IPC module functionality for non‑critical services to reduce exposure.
  • Monitor device logs for IPC‑related crashes or service interruptions and investigate recurring memory corruption events.

Generated by OpenCVE AI on June 9, 2026 at 08:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds IPC Write Vulnerability in Huawei HarmonyOS Impacting Availability

Tue, 09 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Tue, 09 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-06-09T12:58:41.848Z

Reserved: 2026-04-23T01:42:44.929Z

Link: CVE-2026-41981

cve-icon Vulnrichment

Updated: 2026-06-09T12:58:37.175Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T08:16:28.050

Modified: 2026-06-09T13:34:58.997

Link: CVE-2026-41981

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T09:00:08Z

Weaknesses