CVE-2019-5282

Name: CVE-2019-5282
Creator: NVD / NIST
Published: 2019-11-13T14:15:10.457+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.79%

Last modified Jun 17, 2026

CVE-2019-5282 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. EPSS estimates a 0.79% chance of exploitation in the next 30 days.

Description

Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182(C00E82R1P21), Versions earlier than Emily-TL00B 9.0.0.182(C01E82R1P21), Versions earlier than Emily-L09C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.203(C432E7R1P11), Versions earlier than Emily-L29C 9.0.0.202(C185E2R1P12) have a double free vulnerability. An attacker tricks the user into installing a malicious application, which frees on the same memory address twice. Successful exploit could result in malicious code execution.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

0.79%

51.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-415

Affected Software

Vendor	Product	Versions
Huawei	Emily-Al00a Firmware	< emily-al00a_9.0.0.182\(c00e82r1p21\)
Huawei	Emily-Tl00b Firmware	< emily-tl00b_9.0.0.182\(c01e82r1p21\)
Huawei	Emily-L09c Firmware	< emily-l09c_9.0.0.203\(c432e7r1p11\)
Huawei	Emily-L29c Firmware	< emily-l29c_9.0.0.203\(c432e7r1p11\)
Huawei	Emily-L29c Firmware	< emily-l29c_9.0.0.202\(c185e2r1p12\)
Huawei	Emily-L29c Firmware	< emily-l29c_9.0.0.207\(c636e7r1p13\)
Huawei	Emily-L29c Firmware	< emily-l29c_9.0.0.205\(c635e2r1p11\)
Huawei	Hima-L09ca Firmware	< hima-l09ca_9.0.0.198\(c432e10r1p16\)
Huawei	Hima-L29ca Firmware	< hima-l29ca_9.0.0.198\(c432e10r1p16\)
Huawei	Hima-L29c Firmware	< hima-l29c_9.0.0.204\(c636e10r2p1\)

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-smartphone-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190220-01-smartphone-enVendor Advisory

Timeline

Published: Nov 13, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-5282?

How severe is CVE-2019-5282?

CVE-2019-5282 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.79% probability of exploitation in the next 30 days.

How do I fix CVE-2019-5282?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-5282?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST