Cyber Resilience

CVE-2024-57959

Medium

Published: 06 February 2025

Published
06 February 2025
Modified
17 March 2025
KEV Added
Patch
CVSS Score v3.1 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
EPSS Score 0.0010 27.1th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57959 is a medium-severity Use After Free (CWE-416) vulnerability in Huawei Harmonyos. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 27.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-57959 is a Use-After-Free (UAF) vulnerability, classified under CWE-416, affecting the display module in Huawei consumer products. Published on 2025-02-06, it carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H), indicating medium severity with primary impacts on availability and limited integrity.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation may cause features to perform abnormally, potentially leading to high availability disruption such as denial of service on affected display functionalities, alongside low integrity effects.

Huawei has published a security bulletin detailing the issue at https://consumer.huawei.com/en/support/bulletin/2025/2/, which security practitioners should consult for patch information and mitigation guidance.

EU & UK References

Vulnerability details

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

UAF in local display module directly enables application/system exploitation for DoS (high availability impact per CVSS).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-56434Same product: Huawei Emui
CVE-2026-34859Same product: Huawei Emui
CVE-2026-34854Same product: Huawei Emui
CVE-2026-28552Same product: Huawei Emui
CVE-2023-52955Same product: Huawei Emui
CVE-2024-56440Same product: Huawei Emui
CVE-2024-56442Same product: Huawei Emui
CVE-2024-56438Same product: Huawei Emui
CVE-2026-28553Same product: Huawei Emui
CVE-2024-56449Same product: Huawei Emui

Affected Assets

huawei
emui
14.0.0
huawei
harmonyos
4.0.0, 4.2.0, 4.3.0, 5.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely identification, reporting, and correction of known flaws like this UAF vulnerability through vendor patches referenced in the Huawei security bulletin.

prevent

Implements memory protection safeguards such as address space randomization and non-executable memory to prevent exploitation of use-after-free vulnerabilities in the display module.

preventdetect

Requires vulnerability scanning and monitoring to identify the presence of this UAF vulnerability, enabling proactive remediation before local exploitation.

References