Cyber Posture

CVE-2024-58045

High

Published: 04 March 2025

Modified: 05 March 2025
KEV Added
Patch
CVSS Score: 8.6 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0004 (11.7th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-58045 is a high-severity race condition (CWE-362) vulnerability in Huawei HarmonyOS. Its CVSS base score is 8.6 (High).

Operationally, it ranks at the 11.7th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent · recover

Directly remediates the CWE-362 concurrency flaw in the media digital copyright protection module through timely identification, reporting, and correction.

prevent

Prevents unauthorized information transfer or corruption via shared system resources lacking proper synchronization, directly addressing the core issue of this multi-concurrency vulnerability.

prevent

Maintains process isolation to limit interference from concurrent executions that could exploit improper synchronization in the vulnerable module.

MITRE ATT&CK Enterprise Techniques (AI)

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

NVD Description

Multi-concurrency vulnerability in the media digital copyright protection module
Impact: Successful exploitation of this vulnerability may affect availability.

Deeper analysis (AI)

CVE-2024-58045 is a multi-concurrency vulnerability, classified under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization), in the media digital copyright protection module. It affects Huawei consumer products, as indicated by the vendor's support bulletin. The vulnerability was published on 2025-03-04 and carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact.

An attacker with local access can exploit this vulnerability with low complexity and no required privileges, though user interaction is necessary. Successful exploitation changes scope and allows high-impact consequences across confidentiality, integrity, and availability, with the primary effect being disruption of availability in the affected module.

Huawei's security advisory, available at https://consumer.huawei.com/en/support/bulletin/2025/3/, provides details on the vulnerability, likely including recommended mitigations or patches for affected devices. Security practitioners should consult this bulletin for specific remediation steps.

Details

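CWE(s)

CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)

Affected Products

Vendor: huawei
Product: harmonyos
Version: 5.0.0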

CVEs Like This One

CVE-2025-68955 · Same product: Huawei HarmonyOS
CVE-2025-68957 · Same product: Huawei HarmonyOS
CVE-2025-68960 · Same product: Huawei HarmonyOS
CVE-2026-34856 · Same product: Huawei HarmonyOS
CVE-2025-68958 · Same product: Huawei HarmonyOS
CVE-2025-68956 · Same product: Huawei HarmonyOS
CVE-2026-34851 · Same product: Huawei HarmonyOS
CVE-2026-24930 · Same product: Huawei HarmonyOS
CVE-2024-56436 · Same product: Huawei HarmonyOS
CVE-2024-56437 · Same product: Huawei HarmonyOS
