Cyber Resilience

CVE-2024-56434

Medium

Published: 08 January 2025

Published
08 January 2025
Modified
18 September 2025
KEV Added
Patch
CVSS Score v3.1 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
EPSS Score 0.0010 28.0th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56434 is a medium-severity Use After Free (CWE-416) vulnerability in Huawei Harmonyos. Its CVSS base score is 4.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 28.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2024-56434 is a Use-After-Free (UAF) vulnerability, classified under CWE-416, in the device node access module. Published on 2025-01-08, it carries a CVSS v3.1 base score of 4.4 (AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H) and affects Huawei devices.

Exploitation requires local access, high attack complexity, low privileges, and user interaction. A successful attack can cause service exceptions on the device, leading to a denial-of-service condition with high availability impact but no confidentiality or integrity effects.

Huawei's security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ provides details on the vulnerability, including recommended mitigations and patches.

EU & UK References

Vulnerability details

UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

UAF in local device module directly enables application/system exploitation for DoS (high availability impact only).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-57959Same product: Huawei Emui
CVE-2026-34859Same product: Huawei Emui
CVE-2026-34854Same product: Huawei Emui
CVE-2026-28552Same product: Huawei Emui
CVE-2023-52955Same product: Huawei Emui
CVE-2024-56440Same product: Huawei Emui
CVE-2024-56442Same product: Huawei Emui
CVE-2024-56438Same product: Huawei Emui
CVE-2026-28553Same product: Huawei Emui
CVE-2024-56449Same product: Huawei Emui

Affected Assets

huawei
emui
14.0.0
huawei
harmonyos
4.0.0, 4.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely remediation of the UAF vulnerability via patching as detailed in the Huawei security bulletin.

prevent

Implements memory protection mechanisms like ASLR and DEP that increase the high attack complexity required to successfully exploit the UAF in the device node access module.

prevent

Provides denial-of-service protections tailored to mitigate service exceptions and high availability impact from UAF exploitation.

References