CVE-2024-57959
Published: 06 February 2025
Summary
CVE-2024-57959 is a medium-severity Use-After-Free (CWE-416) vulnerability in Huawei HarmonyOS. Its CVSS v3.1 base score is 6.1 (Medium).
Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE sits at the 27.1 percentile by exploit likelihood, below the median, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI-generated)
SI-2 (Flaw Remediation): mandates timely identification, reporting and correction of known flaws such as this UAF, here by applying the vendor fix referenced in the Huawei security bulletin.
SI-16 (Memory Protection): safeguards such as address space layout randomization and non-executable memory raise the cost of turning a use-after-free in the display module into code execution; they do not remove the availability impact (a crash or malfunctioning display feature) that this CVE's vector records, so they complement the patch rather than replace it.
RA-5 (Vulnerability Monitoring and Scanning): requires scanning and monitoring to identify affected, unpatched devices so they can be remediated before a local attacker exploits the flaw.
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
A UAF in the display module can be triggered by a low-privileged local process, so it maps to Application or System Exploitation (T1499.004) used for denial of service, matching the high availability impact in the CVSS vector.
NVD Description
Use-After-Free (UAF) vulnerability in the display module.
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
Deeper analysis (AI-generated)
CVE-2024-57959 is a Use-After-Free (UAF) vulnerability, classified under CWE-416, affecting the display module in Huawei consumer products. Published on 2025-02-06, it carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H), indicating medium severity with primary impacts on availability and limited integrity.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction. Successful exploitation may cause display features to perform abnormally; per the vector, the expected effect is a high availability impact (denial of service of the affected display functionality) together with a limited integrity impact.
Huawei has published a security bulletin detailing the issue at https://consumer.huawei.com/en/support/bulletin/2025/2/, which security practitioners should consult for patch information and mitigation guidance.
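The controls listed earlier treat the flaw after the fact. The design change that removes the CWE-416 class from a resource manager such as a display module is to stop handing out raw pointers across the release boundary. The following is an added illustration of that pattern, not HarmonyOS code and not derived from the bulletin: `surface_t`, `surface_create`, `surface_fill`, `surface_release`, `demo_stale_use` and the slot/generation handle layout are this example's own hypothetical names. Every handle carries the generation of the slot it was issued from, and the release path increments that generation, so a stale handle resolves to nothing and a second release is refused instead of freeing twice.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SURFACES 8
typedef uint64_t surface_handle_t;   /* high 32 bits: generation, low 32 bits: slot index + 1 */
#define HANDLE_INVALID ((surface_handle_t)0)

typedef struct {
    uint32_t width, height;          /* hypothetical surface attributes */
    uint8_t *pixels;                 /* heap buffer owned by the slot */
} surface_t;

typedef struct {
    surface_t *obj;                  /* NULL while the slot is free */
    uint32_t generation;             /* bumped on every release; wraps after 2^32 releases,
                                        at which point a production design retires the slot */
} slot_t;

static slot_t table[MAX_SURFACES];

static surface_handle_t make_handle(uint32_t idx, uint32_t gen) {
    return ((surface_handle_t)gen << 32) | (idx + 1u);
}

/* Translate a handle into the live object it names, or NULL if the handle is
 * malformed, was never issued, or names a generation that has been released.
 * This check is exactly what a raw-pointer design cannot perform. */
static surface_t *resolve(surface_handle_t h, uint32_t *idx_out) {
    if (h == HANDLE_INVALID) return NULL;
    uint32_t idx = (uint32_t)(h & 0xffffffffu) - 1u;   /* low word 0 wraps to an invalid index */
    uint32_t gen = (uint32_t)(h >> 32);
    if (idx >= MAX_SURFACES) return NULL;
    if (table[idx].obj == NULL || table[idx].generation != gen) return NULL;
    if (idx_out) *idx_out = idx;
    return table[idx].obj;
}

surface_handle_t surface_create(uint32_t width, uint32_t height) {
    if (width == 0 || height == 0 || width > 8192 || height > 8192) return HANDLE_INVALID;
    for (uint32_t i = 0; i < MAX_SURFACES; i++) {
        if (table[i].obj != NULL) continue;
        surface_t *s = calloc(1, sizeof *s);
        if (s == NULL) return HANDLE_INVALID;
        s->pixels = calloc((size_t)width * height, 1);
        if (s->pixels == NULL) { free(s); return HANDLE_INVALID; }
        s->width = width;
        s->height = height;
        table[i].obj = s;
        return make_handle(i, table[i].generation);
    }
    return HANDLE_INVALID;           /* table full */
}

/* Example operation on a surface. Returns 0, or -1 for a stale or invalid handle. */
int surface_fill(surface_handle_t h, uint8_t value) {
    surface_t *s = resolve(h, NULL);
    if (s == NULL) return -1;
    memset(s->pixels, value, (size_t)s->width * s->height);
    return 0;
}

/* Frees the object and invalidates every outstanding copy of the handle. */
int surface_release(surface_handle_t h) {
    uint32_t idx;
    surface_t *s = resolve(h, &idx);
    if (s == NULL) return -1;
    free(s->pixels);
    free(s);
    table[idx].obj = NULL;
    table[idx].generation++;         /* every copy of h now fails resolve() */
    return 0;
}

int surface_live_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_SURFACES; i++) n += table[i].obj != NULL;
    return n;
}

/* Drives the sequence an attacker provokes in a UAF: create, release, then reuse.
 * Returns 0 if the stale use, the double release and a post-reuse stale use were
 * all rejected, -1 if any slipped through, -99 if setup itself failed. */
int demo_stale_use(void) {
    surface_handle_t h = surface_create(4, 4);
    if (h == HANDLE_INVALID || surface_fill(h, 0xff) != 0 || surface_release(h) != 0) return -99;
    int stale = surface_fill(h, 0x00);            /* the use-after-free with raw pointers */
    int dbl = surface_release(h);                 /* the double free with raw pointers */
    surface_handle_t h2 = surface_create(2, 2);   /* same slot, new generation */
    int reuse_ok = h2 != HANDLE_INVALID && h2 != h && surface_fill(h, 0) == -1 && surface_fill(h2, 0x7f) == 0;
    surface_release(h2);
    return (stale == -1 && dbl == -1 && reuse_ok) ? 0 : -1;
}

int main(void) {
    printf("stale-handle scenario: %d (0 = all rejected)\n", demo_stale_use());
    return 0;
}
```

The same generation trick is what makes a stale handle distinguishable from a legitimately recycled slot: after the release, `surface_create` may reuse slot 0, but the new handle differs in its generation word, so code still holding the old handle gets an error rather than silently operating on another caller's surface. It does not replace the patch for this CVE; it is the structural fix that keeps the next display-module UAF from being exploitable at all.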
Details
- CWE(s)