Cyber Resilience

CVE-2024-58045

High

Published: 04 March 2025

Published
04 March 2025
Modified
05 March 2025
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0004 12.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-58045 is a high-severity Race Condition (CWE-362) vulnerability in Huawei Harmonyos. Its CVSS base score is 8.6 (High).

Operationally, ranked at the 12.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-58045 is a multi-concurrency vulnerability, classified under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization), in the media digital copyright protection module. It affects Huawei consumer products, as indicated by the vendor's support bulletin. The vulnerability was published on 2025-03-04 and carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact.

An attacker with local access can exploit this vulnerability with low complexity and no required privileges, though user interaction is necessary. Successful exploitation changes scope and allows high-impact consequences across confidentiality, integrity, and availability, with the primary effect being disruption of availability in the affected module.

Huawei's security advisory, available at https://consumer.huawei.com/en/support/bulletin/2025/3/, provides details on the vulnerability, likely including recommended mitigations or patches for affected devices. Security practitioners should consult this bulletin for specific remediation steps.

EU & UK References

Vulnerability details

Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful exploitation of this vulnerability may affect availability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-68960Same product: Huawei Harmonyos
CVE-2025-68957Same product: Huawei Harmonyos
CVE-2026-34851Same product: Huawei Harmonyos
CVE-2025-68956Same product: Huawei Harmonyos
CVE-2025-68955Same product: Huawei Harmonyos
CVE-2026-34856Same product: Huawei Harmonyos
CVE-2025-68958Same product: Huawei Harmonyos
CVE-2026-24930Same product: Huawei Harmonyos
CVE-2026-24925Same product: Huawei Harmonyos
CVE-2024-57955Same product: Huawei Harmonyos

Affected Assets

huawei
harmonyos
5.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly remediates the CWE-362 concurrency flaw in the media digital copyright protection module through timely identification, reporting, and correction.

prevent

Prevents unauthorized information transfer or corruption via shared system resources lacking proper synchronization, directly addressing the core issue of this multi-concurrency vulnerability.

prevent

Maintains process isolation to limit interference from concurrent executions that could exploit improper synchronization in the vulnerable module.

References