CVE-2026-34854 - Vulnerability Details - OpenCVE

UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00006.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Emui Harmonyos

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Huawei	Emui Harmonyos

References

Link	Providers
https://consumer.huawei.com/en/support/bulletin/2026/4/

History

Mon, 13 Apr 2026 14:30:00 +0000

Type	Values Removed	Values Added
Title		Kernel Module Use‑After‑Free Leading to Availability and Confidentiality Impact

Mon, 13 Apr 2026 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Huawei Huawei emui Huawei harmonyos
Vendors & Products		Huawei Huawei emui Huawei harmonyos

Mon, 13 Apr 2026 05:15:00 +0000

Type	Values Removed	Values Added
Description		UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Weaknesses		CWE-416
References		https://consumer.huawei.com/en/support/bulletin/2026/4/
Metrics		cvssV3_1 `{'score': 5.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2026-04-13T04:01:47.279Z

Updated: 2026-04-13T15:01:06.879Z

Reserved: 2026-03-31T01:11:13.700Z

Link: CVE-2026-34854

Vulnrichment

No data.

NVD

Status : Undergoing Analysis

Published: 2026-04-13T05:16:03.200

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-34854

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:53:21Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34854", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-03-31T01:11:13.700Z", "datePublished": "2026-04-13T04:01:47.279Z", "dateUpdated": "2026-04-13T15:01:06.879Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T04:01:47.279Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use after free", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "4.3.1"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "15.0.0"}, {"status": "affected", "version": "14.2.0"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "UAF vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "UAF vulnerability in the kernel module.<br>Impact: Successful exploitation of this vulnerability will affect availability and confidentiality."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T15:00:59.383442Z", "id": "CVE-2026-34854", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:01:06.879Z"}}]}}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "15.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "14.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "14.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "EMUI", "source": "cna", "vendor": "Huawei"}, "product": "emui", "vendor": "huawei"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.3.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.3.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-13T07:25:34.256057+00:00", "value": {"mitigation_remediation": ["Check Huawei's official bulletin at https://consumer.huawei.com/en/support/bulletin/2026/4/ and download the latest firmware or platform update.", "If no patch is available, limit execution of the vulnerable kernel module and enforce strict privilege limits.", "Monitor device logs for anomalies such as kernel crashes or abnormal memory usage."], "summary": {"action": "Apply Patch", "impact": "Availability and Confidentiality"}, "threat_synthesis": {"affected_systems": "Huawei devices running EMUI or HarmonyOS are affected. The advisory does not list specific versions, so any release that includes the vulnerable kernel module may be at risk.", "description_and_impact": "The vulnerability is a use\u2011after\u2011free in a kernel module. Successful exploitation can compromise the device\u2019s availability and confidentiality, as stated in the official description.", "risk_and_exploitability": "The CVSS score of 5.7 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, implying no known public exploits yet. Because the flaw resides in the kernel, the likely attack vector requires local or privileged access, as inferred from the nature of use\u2011after\u2011free bugs. The risk is non\u2011trivial if an attacker can gain such access."}}}}, "created": "2026-04-13T12:37:34.211021+00:00", "title": "Kernel Module Use\u2011After\u2011Free Leading to Availability and Confidentiality Impact", "updated": "2026-04-13T12:53:21.942690+00:00", "vendors": ["huawei", "huawei$PRODUCT$emui", "huawei$PRODUCT$harmonyos"]}