CVE-2025-68968
Double Free Vulnerability in Multi-Mode Input Module Affecting Input Function
Publication date: 2026-01-14
Last updated on: 2026-01-14
Assigner: Huawei Technologies
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huawei | harmonyos | to 6.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a double free issue in the multi-mode input module. A double free occurs when a program attempts to free the same memory location twice, which can lead to undefined behavior, including crashes or potential exploitation by attackers.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability may affect the input function, potentially leading to high impacts on confidentiality, integrity, and availability of the system as indicated by the CVSS score. This could result in system instability or malfunction of input-related features.
What immediate steps should I take to mitigate this vulnerability?
Apply the January 2026 Huawei security update for HarmonyOS 6.0.0 and earlier versions, which includes patches addressing vulnerabilities in the input module among others. This update targets flagship Huawei phones and tablets and fixes multiple high-impact vulnerabilities. [2]