{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34855", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-03-31T01:11:13.701Z", "datePublished": "2026-04-13T04:03:38.754Z", "dateUpdated": "2026-04-13T15:00:46.304Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T04:03:38.754Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper input validation", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "4.3.1"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "15.0.0"}, {"status": "affected", "version": "14.2.0"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Out-of-bounds write vulnerability in the kernel module.<br>Impact: Successful exploitation of this vulnerability will affect availability and confidentiality."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T15:00:37.990624Z", "id": "CVE-2026-34855", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:00:46.304Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T15:00:37.990624Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:00:42.386Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "4.3.1"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "15.0.0"}, {"status": "affected", "version": "14.2.0"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds write vulnerability in the kernel module.<br>Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper input validation"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T04:03:38.754Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34855", "state": "PUBLISHED", "dateUpdated": "2026-04-13T15:00:46.304Z", "dateReserved": "2026-03-31T01:11:13.701Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-04-13T04:03:38.754Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "082BBC06-A0B2-481E-BF6F-56180E17ABEF", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EA69843-EC8D-42E2-900E-017D2B502E9E", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39DE6A6-CBE6-4086-93CD-113D1B3BA730", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EBE30DD-E146-4A6A-BE68-DEF9D4D0B2A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AA76C33-8D23-490B-B620-C24EDCC86A56", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "888C5BD7-421B-4A85-8719-BFEE3C215527", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in the kernel module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality."}], "id": "CVE-2026-34855", "lastModified": "2026-04-17T19:25:03.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.2, "source": "psirt@huawei.com", "type": "Secondary"}]}, "published": "2026-04-13T05:16:03.360", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "psirt@huawei.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "15.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "14.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "14.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "EMUI", "source": "cna", "vendor": "Huawei"}, "product": "emui", "vendor": "huawei"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.3.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.3.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-13T06:26:08.304882+00:00", "value": {"mitigation_remediation": ["Apply the update or patch provided by Huawei for EMUI and HarmonyOS.", "If a patch is not yet available, restrict the loading of the vulnerable kernel module or disable the affected functionality.", "Monitor system logs for kernel crashes or signs of memory corruption and keep the system in a stable configuration."], "summary": {"action": "Apply Patch", "impact": "Availability and Confidentiality"}, "threat_synthesis": {"affected_systems": "Systems running Huawei EMUI or HarmonyOS are susceptible to this flaw. The vulnerability applies to all releases that include the affected kernel module; specific affected versions are not listed by the CNA, so any installation of these operating systems may be at risk until a vendor update is applied.", "description_and_impact": "An out-of-bounds write in a kernel module allows an attacker to corrupt memory, which can undermine system stability and potentially expose sensitive data. This flaw can lead to denial of service by crashing the kernel and may also compromise the confidentiality of stored data depending on the memory contents overwritten. The root cause is a failure to validate array bounds (CWE\u201120).", "risk_and_exploitability": "The CVSS base score of 5.7 indicates moderate risk. No EPSS data is available, and the issue is not catalogued in the CISA KEV list, suggesting that active exploitation evidence is lacking. The likely attack vector is local or requires elevated privileges to load or trigger the vulnerable module, so an attacker with local access or the ability to inject code into the kernel could exploit this weakness. Until a patch is released, the best mitigation is to apply the vendor-provided update or restrict kernel module usage."}}}}, "created": "2026-04-13T12:37:33.230956+00:00", "title": "Kernel Module Out\u2011Bounds Write Leading to Availability and Confidentiality Issues", "updated": "2026-04-13T12:53:20.988701+00:00", "vendors": ["huawei", "huawei$PRODUCT$emui", "huawei$PRODUCT$harmonyos"]}