{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34849", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-03-31T01:11:13.700Z", "datePublished": "2026-04-13T03:58:17.419Z", "dateUpdated": "2026-04-13T15:01:23.630Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T03:58:17.419Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "UAF vulnerability in the screen management module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "UAF vulnerability in the screen management module.<br>Impact: Successful exploitation of this vulnerability may affect availability."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseSeverity": "LOW", "baseScore": 2.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T15:01:16.067702Z", "id": "CVE-2026-34849", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:01:23.630Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34849", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T15:01:16.067702Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:01:19.116Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "UAF vulnerability in the screen management module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "value": "UAF vulnerability in the screen management module.<br>Impact: Successful exploitation of this vulnerability may affect availability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T03:58:17.419Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34849", "state": "PUBLISHED", "dateUpdated": "2026-04-13T15:01:23.630Z", "dateReserved": "2026-03-31T01:11:13.700Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-04-13T03:58:17.419Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "UAF vulnerability in the screen management module.\nImpact: Successful exploitation of this vulnerability may affect availability."}], "id": "CVE-2026-34849", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "psirt@huawei.com", "type": "Secondary"}]}, "published": "2026-04-13T05:16:03.057", "references": [{"source": "psirt@huawei.com", "url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "psirt@huawei.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-13T07:26:08.050962+00:00", "value": {"mitigation_remediation": ["Check Huawei\u2019s consumer support bulletin for HarmonyOS updates addressing the screen\u2011management issue.", "When a patch is released, apply it immediately to eliminate the use\u2011after\u2011free condition.", "In the absence of a patch, monitor the device for sudden restarts or crashes and restrict access to applications that invoke the screen\u2011management module until remediation is applied."], "summary": {"action": "Apply Patch", "impact": "Availability"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Huawei HarmonyOS. No specific version information is supplied in the advisory, so all releases that include the screen\u2011management component are considered vulnerable until a patch is issued.", "description_and_impact": "A use\u2011after\u2011free flaw exists in Huawei HarmonyOS\u2019s screen\u2011management module, allowing privileged code that runs within the system to deallocate a memory object and subsequently access it. This flaw, associated with CWE\u2011362 per the vendor\u2019s classification, can cause the operating system or the screen\u2011display process to become unstable or crash, thereby disrupting device availability.", "risk_and_exploitability": "The CVSS base score of 2.5 indicates low severity, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited exploit evidence. The attack vector is inferred to be local, requiring an attacker to run code with sufficient privileges on the device. Successful exploitation would likely result in a crash or restart, impacting device availability but not compromising confidentiality or integrity."}}}}, "created": "2026-04-13T12:37:36.288997+00:00", "title": "Use\u2011After\u2011Free in HarmonyOS Screen Management Causing Availability Disruption", "updated": "2026-04-13T12:53:23.883193+00:00", "vendors": ["huawei", "huawei$PRODUCT$harmonyos"]}