Cyber Resilience

CVE-2024-57958

Medium

Published: 06 February 2025

Modified: 17 March 2025
KEV Added
Patch
CVSS Score v3.1: 5.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L)
EPSS Score: 0.0005 (16.8th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57958 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Huawei HarmonyOS. Its CVSS base score is 5.7 (Medium).

Operationally, it is ranked at the 16.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-57958 is an out-of-bounds array read vulnerability (CWE-125) in the FFRT module. This flaw affects certain Huawei consumer products, as detailed in the vendor's security bulletin.

The vulnerability has a CVSS v3.1 base score of 5.7 (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L). The vector describes a local attack with low complexity that requires no privileges and no user interaction. Scope is rated as changed, confidentiality and availability impact as low, and integrity impact as none. Successful exploitation may allow the attacker to cause features to perform abnormally.

Huawei has published a security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/2/ addressing this vulnerability, which security practitioners should consult for mitigation details and available patches.

Vulnerability details

Out-of-bounds array read vulnerability in the FFRT module.
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CWE(s)

CWE-125 (Out-of-bounds Read)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34859 (same product: Huawei EMUI)
CVE-2026-24921 (same product: Huawei HarmonyOS)
CVE-2026-28553 (same product: Huawei EMUI)
CVE-2024-56449 (same product: Huawei EMUI)
CVE-2024-56448 (same product: Huawei EMUI)
CVE-2026-34854 (same product: Huawei EMUI)
CVE-2026-28552 (same product: Huawei EMUI)
CVE-2026-28542 (same product: Huawei EMUI)
CVE-2026-24915 (same product: Huawei HarmonyOS)
CVE-2024-58044 (same product: Huawei EMUI)

Affected Assets

Vendor: huawei, Product: emui, Versions: 14.0.0
Vendor: huawei, Product: harmonyos, Versions: 4.0.0, 4.2.0, 4.3.0, 5.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly mitigates the CVE by requiring identification, reporting, correction, and verification of the specific out-of-bounds array read flaw through vendor patches.

prevent: Implements memory protection mechanisms that prevent exploitation of out-of-bounds array reads due to pointer dereference errors or invalid memory access.

detect: Vulnerability scanning detects the presence of this specific out-of-bounds read vulnerability in the FFRT module for timely remediation.
