{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34854", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-03-31T01:11:13.700Z", "datePublished": "2026-04-13T04:01:47.279Z", "dateUpdated": "2026-04-13T15:01:06.879Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T04:01:47.279Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use after free", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "4.3.1"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "15.0.0"}, {"status": "affected", "version": "14.2.0"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "UAF vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "UAF vulnerability in the kernel module.<br>Impact: Successful exploitation of this vulnerability will affect availability and confidentiality."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T15:00:59.383442Z", "id": "CVE-2026-34854", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:01:06.879Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34854", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T15:00:59.383442Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:01:03.200Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "4.3.1"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "15.0.0"}, {"status": "affected", "version": "14.2.0"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "UAF vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "supportingMedia": [{"type": "text/html", "value": "UAF vulnerability in the kernel module.<br>Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use after free"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T04:01:47.279Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34854", "state": "PUBLISHED", "dateUpdated": "2026-04-13T15:01:06.879Z", "dateReserved": "2026-03-31T01:11:13.700Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-04-13T04:01:47.279Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "UAF vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality."}], "id": "CVE-2026-34854", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.2, "source": "psirt@huawei.com", "type": "Secondary"}]}, "published": "2026-04-13T05:16:03.200", "references": [{"source": "psirt@huawei.com", "url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "psirt@huawei.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "15.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "14.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "14.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "EMUI", "source": "cna", "vendor": "Huawei"}, "product": "emui", "vendor": "huawei"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.3.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.3.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-13T07:25:34.256057+00:00", "value": {"mitigation_remediation": ["Check Huawei's official bulletin at https://consumer.huawei.com/en/support/bulletin/2026/4/ and download the latest firmware or platform update.", "If no patch is available, limit execution of the vulnerable kernel module and enforce strict privilege limits.", "Monitor device logs for anomalies such as kernel crashes or abnormal memory usage."], "summary": {"action": "Apply Patch", "impact": "Availability and Confidentiality"}, "threat_synthesis": {"affected_systems": "Huawei devices running EMUI or HarmonyOS are affected. The advisory does not list specific versions, so any release that includes the vulnerable kernel module may be at risk.", "description_and_impact": "The vulnerability is a use\u2011after\u2011free in a kernel module. Successful exploitation can compromise the device\u2019s availability and confidentiality, as stated in the official description.", "risk_and_exploitability": "The CVSS score of 5.7 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, implying no known public exploits yet. Because the flaw resides in the kernel, the likely attack vector requires local or privileged access, as inferred from the nature of use\u2011after\u2011free bugs. The risk is non\u2011trivial if an attacker can gain such access."}}}}, "created": "2026-04-13T12:37:34.211021+00:00", "title": "Kernel Module Use\u2011After\u2011Free Leading to Availability and Confidentiality Impact", "updated": "2026-04-13T12:53:21.942690+00:00", "vendors": ["huawei", "huawei$PRODUCT$emui", "huawei$PRODUCT$harmonyos"]}