7.8
CVE-2021-40047
- EPSS 0.6%
- Veröffentlicht 10.03.2022 17:43:16
- Zuletzt bearbeitet 21.11.2024 06:23:27
- Quelle psirt@huawei.com
- CVE-Watchlists
- Unerledigt
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.444 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:C/A:N
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://consumer.huawei.com/en/support/bulletin/2022/3/
https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202203-0000001257385193