CVE-2026-34854
Use-After-Free Vulnerability in Kernel Module Affecting Availability, Confidentiality
Publication date: 2026-04-13
Last updated on: 2026-04-15
Assigner: Huawei Technologies
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huawei | harmonyos | 4.0.0 |
| huawei | harmonyos | 4.2.0 |
| huawei | harmonyos | 4.3.0 |
| huawei | harmonyos | 5.1.0 |
| huawei | harmonyos | 4.3.1 |
| huawei | harmonyos | 6.0.0 |
| huawei | emui | 14.0.0 |
| huawei | emui | 15.0.0 |
| huawei | emui | 14.2.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Use-After-Free (UAF) issue in a kernel module. A UAF vulnerability occurs when a program continues to use a pointer after the memory it points to has been freed, which can lead to unpredictable behavior or exploitation.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can impact the availability and confidentiality of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability affects the confidentiality and availability of the system, which are critical components in compliance with standards such as GDPR and HIPAA.
A successful exploitation could lead to unauthorized access or denial of service, potentially resulting in breaches of personal data protection requirements under GDPR and compromising the availability of healthcare information systems under HIPAA.