A heap-based buffer overflow vulnerability was found in the way sudo parses command line arguments. This flaw is exploitable by any authenticated, local user who can execute the sudo command. Successful exploitation of this flaw could lead to privilege escalation. (Vulnerability ID: HWPSIRT-2021-11969)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-3156.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210310-01-escalation-en>