CVE-2019-5303

Description

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3)

Category

5.3
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.06%
Vendor Advisory huawei.com
Affected: Huawei ALP-AL00B
Affected: Huawei ALP-L09
Affected: Huawei ALP-L29
Affected: Huawei BLA-L29C
Affected: Huawei Berkeley-AL20
Affected: Huawei Berkeley-L09
Affected: Huawei Charlotte-L09C
Affected: Huawei Charlotte-L29C
Affected: Huawei Columbia-AL10B
Affected: Huawei Columbia-L29D
Affected: Huawei Cornell-AL00A
Affected: Huawei Cornell-L29A
Affected: Huawei Emily-L09C
Affected: Huawei Emily-L29C
Affected: Huawei Ever-L29B
Affected: Huawei HUAWEI Mate 20
Affected: Huawei HUAWEI Mate 20 Pro
Affected: Huawei HUAWEI Mate 20 RS
Affected: Huawei HUAWEI Mate 20 X
Affected: Huawei HUAWEI P20
Affected: Huawei HUAWEI P20 Pro
Affected: Huawei HUAWEI P30
Affected: Huawei HUAWEI P30 Pro
Affected: Huawei HUAWEI Y9 2019
Affected: Huawei HUAWEI nova lite 3
Affected: Huawei Honor 10 Lite
Affected: Huawei Honor 8X
Affected: Huawei Honor View 20
Affected: Huawei Jackman-L22
Affected: Huawei Paris-L21B
Affected: Huawei Paris-L21MEB
Affected: Huawei Paris-L29B
Affected: Huawei Sydney-AL00
Affected: Huawei Sydney-L21
Affected: Huawei Sydney-L21BR
Affected: Huawei Sydney-L22
Affected: Huawei Sydney-L22BR
Affected: Huawei SydneyM-AL00
Affected: Huawei SydneyM-L01
Affected: Huawei SydneyM-L03
Affected: Huawei SydneyM-L21
Affected: Huawei SydneyM-L22
Affected: Huawei SydneyM-L23
Affected: Huawei Yale-L21A
Affected: Huawei Honor 20
Affected: Huawei Honor Magic2
Affected: Huawei Honor V20
Published at:
Updated at:

References

Link Tags
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190814-01-mobile-en vendor advisory

Frequently Asked Questions

What is the severity of CVE-2019-5303?
CVE-2019-5303 has been scored as a medium severity vulnerability.
How to fix CVE-2019-5303?
To fix CVE-2019-5303, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-5303 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2019-5303 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-5303?
CVE-2019-5303 affects Huawei ALP-AL00B, Huawei ALP-L09, Huawei ALP-L29, Huawei BLA-L29C, Huawei Berkeley-AL20, Huawei Berkeley-L09, Huawei Charlotte-L09C, Huawei Charlotte-L29C, Huawei Columbia-AL10B, Huawei Columbia-L29D, Huawei Cornell-AL00A, Huawei Cornell-L29A, Huawei Emily-L09C, Huawei Emily-L29C, Huawei Ever-L29B, Huawei HUAWEI Mate 20, Huawei HUAWEI Mate 20 Pro, Huawei HUAWEI Mate 20 RS, Huawei HUAWEI Mate 20 X, Huawei HUAWEI P20, Huawei HUAWEI P20 Pro, Huawei HUAWEI P30, Huawei HUAWEI P30 Pro, Huawei HUAWEI Y9 2019, Huawei HUAWEI nova lite 3, Huawei Honor 10 Lite, Huawei Honor 8X, Huawei Honor View 20, Huawei Jackman-L22, Huawei Paris-L21B, Huawei Paris-L21MEB, Huawei Paris-L29B, Huawei Sydney-AL00, Huawei Sydney-L21, Huawei Sydney-L21BR, Huawei Sydney-L22, Huawei Sydney-L22BR, Huawei SydneyM-AL00, Huawei SydneyM-L01, Huawei SydneyM-L03, Huawei SydneyM-L21, Huawei SydneyM-L22, Huawei SydneyM-L23, Huawei Yale-L21A, Huawei Honor 20, Huawei Honor Magic2, Huawei Honor V20.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.