CVE-2024-57961

Medium

Published: 06 February 2025

Published

06 February 2025

Modified

17 March 2025

KEV Added

—

Patch

—

CVSS Score 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

EPSS Score 0.0006 17.9th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57961 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Huawei Harmonyos. Its CVSS base score is 6.8 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 17.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms such as DEP, ASLR, and stack canaries that directly prevent exploitation of out-of-bounds write vulnerabilities like CVE-2024-57961.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and patching of flaws such as the out-of-bounds write in the emcom module, as recommended in Huawei's security bulletin.

SI-10 Information Input Validation partial match

prevent

Validates information inputs to the emcom module to block malformed data that could trigger the out-of-bounds write and lead to confidentiality or availability impacts.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Local out-of-bounds write with no privileges required directly enables exploitation for privilege escalation to access sensitive data.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Deeper analysisAI

CVE-2024-57961 is an out-of-bounds write vulnerability (CWE-787) in the emcom module. It was published on 2025-02-06 and carries a CVSS v3.1 base score of 6.8 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L), rated as medium severity. The vulnerability affects Huawei consumer products, as detailed in the vendor's security bulletin.

A local attacker requires no privileges, low attack complexity, and no user interaction to exploit this vulnerability. Successful exploitation can result in high confidentiality impact, potentially allowing unauthorized access to sensitive data, alongside low availability impact that may cause affected features to perform abnormally.

Huawei's security advisory provides details on mitigation; practitioners should consult the bulletin at https://consumer.huawei.com/en/support/bulletin/2025/2/ for patches and remediation guidance.

Details

CWE(s): CWE-787

Affected Products

huawei

emui

13.0.0

huawei

harmonyos

3.0.0, 4.2.0

CVEs Like This One

CVE-2024-56447Same product: Huawei Emui

CVE-2026-34859Same product: Huawei Emui

CVE-2024-58043Same product: Huawei Emui

CVE-2024-58044Same product: Huawei Emui

CVE-2024-56449Same product: Huawei Emui

CVE-2026-24926Same product: Huawei Harmonyos

CVE-2026-28542Same product: Huawei Emui

CVE-2024-57955Same product: Huawei Harmonyos

CVE-2024-57960Same product: Huawei Emui

CVE-2026-28548Same product: Huawei Emui

References

https://consumer.huawei.com/en/support/bulletin/2025/2/
Vendor Advisory · psirt@huawei.com