Description
Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-06-09
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition exists within the HarmonyOS IPC module that can lead to a use‑after‑free exploit. When concurrently accessed objects are freed while another process accesses them, the attacker may cause the system to crash or become unresponsive, thereby affecting the availability of the affected device.

Affected Systems

The vulnerability affects Huawei HarmonyOS systems. No specific firmware or hardware version information is provided, so any device running an unpatched HarmonyOS with this IPC implementation is potentially impacted.

Risk and Exploitability

The CVSS score of 6.4 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the potential impact remains. Based on the description, the likely attack vector involves sending crafted IPC messages from a compromised or malicious local process or, if IPC is exposed over a network, from a remote attacker. The exploit requires conditions that trigger the race between allocation and deallocation of shared memory, and successful exploitation would result in a denial of service to the affected device.

Generated by OpenCVE AI on June 9, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the firmware update or patch published in the Huawei support bulletin linked above to mitigate the IPC race condition.
  • If an update is not yet available, isolate the device from untrusted networks and restrict IPC usage where possible until the vulnerability is resolved.
  • Enable verbose logging for IPC-related errors and report any anomalies to Huawei support for further assistance.

Generated by OpenCVE AI on June 9, 2026 at 08:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Tue, 09 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-06-09T12:55:08.985Z

Reserved: 2026-04-23T01:42:44.929Z

Link: CVE-2026-41982

cve-icon Vulnrichment

Updated: 2026-06-09T12:55:03.747Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T08:16:28.167

Modified: 2026-06-09T13:34:58.997

Link: CVE-2026-41982

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T08:30:35Z

Weaknesses