Cyber Posture

CVE-2024-57958

Medium

Published: 06 February 2025

Modified: 17 March 2025
KEV Added:
Patch:
CVSS Score: 5.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L)
EPSS Score: 0.0005 (16.3th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57958 is a medium-severity out-of-bounds read (CWE-125) vulnerability in Huawei HarmonyOS. Its CVSS base score is 5.7 (Medium).

Operationally, it ranks at the 16.3th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly mitigates the CVE by requiring identification, reporting, correction, and verification of the specific out-of-bounds array read flaw through vendor patches.

prevent

Implements memory protection mechanisms that prevent exploitation of out-of-bounds array reads due to pointer dereference errors or invalid memory access.

detect

Vulnerability scanning detects the presence of this specific out-of-bounds read vulnerability in the FFRT module for timely remediation.

MITRE ATT&CK Enterprise Techniques [AI]

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

NVD Description

Out-of-bounds array read vulnerability in the FFRT module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Deeper analysis [AI]

CVE-2024-57958 is an out-of-bounds array read vulnerability (CWE-125) in the FFRT module. This flaw affects certain Huawei consumer products, as detailed in the vendor's security bulletin.

The vulnerability has a CVSS v3.1 base score of 5.7 (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L), indicating that it can be exploited by a local attacker with low attack complexity and without privileges or user interaction. Successful exploitation may cause features to perform abnormally. The vector rates the confidentiality and availability impact as low (C:L, A:L), the integrity impact as none (I:N), and the scope as changed (S:C).

Huawei has published a security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/2/ addressing this vulnerability, which security practitioners should consult for mitigation details and available patches.

Details

CWE(s)

Affected Products

huawei emui: 14.0.0
huawei harmonyos: 4.0.0, 4.2.0, 4.3.0, 5.0.0

CVEs Like This One

CVE-2026-24915 (Same product: Huawei HarmonyOS)
CVE-2026-34853 (Same product: Huawei EMUI)
CVE-2026-28542 (Same product: Huawei EMUI)
CVE-2023-52953 (Same product: Huawei EMUI)
CVE-2024-56438 (Same product: Huawei EMUI)
CVE-2024-56442 (Same product: Huawei EMUI)
CVE-2024-56434 (Same product: Huawei EMUI)
CVE-2024-56447 (Same product: Huawei EMUI)
CVE-2026-34859 (Same product: Huawei EMUI)
CVE-2024-57961 (Same product: Huawei EMUI)
