Huawei Huawei

  1. Vendors
  2. Huawei
Do you want an email whenever new security vulnerabilities are reported in any Huawei product?

Products by Huawei Sorted by Most Security Vulnerabilities since 2018

Huawei Emui253 vulnerabilities

Huawei Harmonyos247 vulnerabilities

Huawei Magic Ui228 vulnerabilities

Huawei Manageone15 vulnerabilities

Huawei Pcmanager8 vulnerabilities

Huawei Fusioncompute8 vulnerabilities

Huawei Pcmanageroversea3 vulnerabilities

Huawei Pcmanagerchina3 vulnerabilities

Huawei Campusinsight3 vulnerabilities

Huawei Hisuite3 vulnerabilities

Huawei Gaussdb 2003 vulnerabilities

Huawei Appgallery2 vulnerabilities

Huawei Imanager Neteco 60002 vulnerabilities

Huawei Imanager Neteco2 vulnerabilities

Huawei Fusionsphere Openstack2 vulnerabilities

Huawei Ne201 vulnerability

Huawei Vip App1 vulnerability

Huawei Utps Firmware1 vulnerability

Huawei Smc2 01 vulnerability

Huawei Anyoffice1 vulnerability

Huawei Atb1 vulnerability

Huawei Atn1 vulnerability

Huawei Pc Smart Full Scene1 vulnerability

Huawei Network Functions Virtualization Fusionsphere1 vulnerability

Huawei Ne5000e1 vulnerability

Huawei Ne40e80e1 vulnerability

Huawei Ne40801 vulnerability

Huawei Ne20e X61 vulnerability

Huawei Hedex Lite1 vulnerability

Huawei Me601 vulnerability

Huawei Cx6001 vulnerability

Huawei Elf G10hn1 vulnerability

Huawei Ma5200g1 vulnerability

Huawei Imaster Mae M1 vulnerability

Huawei Espace Desktop1 vulnerability

Huawei Fusionaccess1 vulnerability

Huawei Hwbackup1 vulnerability

Huawei Hg532e1 vulnerability

Huawei Hg255s1 vulnerability

By the Year

In 2022 there have been 163 vulnerabilities in Huawei with an average score of 7.5 out of ten. Last year Huawei had 255 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Huawei in 2022 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.21.

Year Vulnerabilities Average Score
2022 163 7.53
2021 255 7.33
2020 14 7.10
2019 12 6.93
2018 5 6.26

It may take a day or so for new Huawei vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Huawei Security Vulnerabilities

The bone voice ID TA has a memory overwrite vulnerability

CVE-2021-40036 9.8 - Critical - June 13, 2022

The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.

Memory Corruption

HwSEServiceAPP has a vulnerability in permission management

CVE-2021-46811 5.3 - Medium - June 13, 2022

HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.

Incorrect Default Permissions

Vulnerability of residual files not being deleted after an update in the ChinaDRM module

CVE-2021-46813 7.5 - High - June 13, 2022

Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.

Improper Removal of Sensitive Information Before Storage or Transfer

The voice wakeup module has a vulnerability of using externally-controlled format strings

CVE-2022-31753 7.5 - High - June 13, 2022

The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.

Use of Externally-Controlled Format String

The setting module has a vulnerability of improper use of APIs

CVE-2022-31757 7.5 - High - June 13, 2022

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services

CVE-2022-31760 9.1 - Critical - June 13, 2022

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

The Device Manager has a vulnerability in multi-device interaction

CVE-2021-46812 7.5 - High - June 13, 2022

The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.

Configuration defects in the secure OS module

CVE-2021-46815 7.5 - High - June 13, 2022

Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability.

Missing authorization vulnerability in the system components

CVE-2022-31752 5.5 - Medium - June 13, 2022

Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.

AuthZ

Logical defects in code implementation in some products

CVE-2022-31754 7.5 - High - June 13, 2022

Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features.

Configuration defects in the secure OS module

CVE-2022-31761 7.5 - High - June 13, 2022

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

The kernel module has the race condition vulnerability

CVE-2022-31758 4.7 - Medium - June 13, 2022

The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Race Condition

The video framework has an out-of-bounds memory read/write vulnerability

CVE-2021-46814 7.5 - High - June 13, 2022

The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.

Memory Corruption

The kernel emcom module has multi-thread contention

CVE-2022-31751 5.5 - Medium - June 13, 2022

The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.

The communication module has a vulnerability of improper permission preservation

CVE-2022-31755 5.5 - Medium - June 13, 2022

The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.

Improper Preservation of Permissions

The fingerprint sensor module has design defects

CVE-2022-31756 5.5 - Medium - June 13, 2022

The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.

AppLink has a vulnerability of accessing uninitialized pointers

CVE-2022-31759 5.5 - Medium - June 13, 2022

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.

Access of Uninitialized Pointer

The AMS module has a vulnerability in input validation

CVE-2022-31762 7.8 - High - June 13, 2022

The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.

Improper Input Validation

The kernel module has the null pointer and out-of-bounds array vulnerabilities

CVE-2022-31763 5.5 - Medium - June 13, 2022

The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.

NULL Pointer Dereference

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22252 7.5 - High - May 13, 2022

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

Dangling pointer

The Property module has a vulnerability in permission control.This vulnerability

CVE-2021-46785 5.3 - Medium - May 13, 2022

The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.

AuthZ

The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2021-46786 9.8 - Critical - May 13, 2022

The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.

Buffer Overflow

The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.

CVE-2021-46787 7.5 - High - May 13, 2022

The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.

Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.

CVE-2021-46788 7.5 - High - May 13, 2022

Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.

Configuration defects in the secure OS module

CVE-2021-46789 7.5 - High - May 13, 2022

Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability.

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.

CVE-2022-22260 9.1 - Critical - May 13, 2022

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.

Dangling pointer

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-22261 7.5 - High - May 13, 2022

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29789 7.5 - High - May 13, 2022

The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.

The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.

CVE-2022-29790 7.5 - High - May 13, 2022

The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29791 7.5 - High - May 13, 2022

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-29792 7.5 - High - May 13, 2022

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.

There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.

CVE-2022-29793 7.5 - High - May 13, 2022

There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.

The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity

CVE-2022-29794 9.8 - Critical - May 13, 2022

The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.

Dangling pointer

The frame scheduling module has a null pointer dereference vulnerability

CVE-2022-29795 7.5 - High - May 13, 2022

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

NULL Pointer Dereference

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29796 7.5 - High - May 13, 2022

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-22254 7.5 - High - April 11, 2022

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.

AuthZ

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-22256 7.5 - High - April 11, 2022

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22253 7.5 - High - April 11, 2022

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.

Improper Validation of Integrity Check Value

The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.

CVE-2022-22255 7.5 - High - April 11, 2022

The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

CVE-2022-22257 7.5 - High - April 11, 2022

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

Improper Privilege Management

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may

CVE-2022-22258 9.8 - Critical - April 11, 2022

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-46740 7.5 - High - April 11, 2022

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.

authentification

The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.

CVE-2021-46742 9.1 - Critical - April 11, 2022

The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.

authentification

The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40065 7.5 - High - April 11, 2022

The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

There is a heap-based and stack-based buffer overflow vulnerability in the video framework

CVE-2021-40057 7.5 - High - March 10, 2022

There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

Memory Corruption

There is a heap-based buffer overflow vulnerability in the video framework

CVE-2021-40058 7.5 - High - March 10, 2022

There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

Memory Corruption

There is a permission control vulnerability in the Wi-Fi module

CVE-2021-40059 6.5 - Medium - March 10, 2022

There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.

Incorrect Default Permissions

There is a heap-based buffer overflow vulnerability in the video framework

CVE-2021-40060 7.5 - High - March 10, 2022

There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

Memory Corruption

There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module

CVE-2021-40061 7.5 - High - March 10, 2022

There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.

Object Type Confusion

There is a vulnerability of copying input buffer without checking its size in the video framework

CVE-2021-40062 7.5 - High - March 10, 2022

There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

There is an improper access control vulnerability in the video module

CVE-2021-40063 7.5 - High - March 10, 2022

There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.

There is a heap-based buffer overflow vulnerability in system components

CVE-2021-40064 7.5 - High - March 10, 2022

There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.

Memory Corruption

There is a vulnerability of memory not being released after effective lifetime in the Bastet module

CVE-2021-40047 7.5 - High - March 10, 2022

There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.

Memory Leak

There is an incorrect buffer size calculation vulnerability in the video framework

CVE-2021-40048 7.5 - High - March 10, 2022

There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.

Incorrect Calculation of Buffer Size

There is a permission control vulnerability in the PMS module

CVE-2021-40049 7.5 - High - March 10, 2022

There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.

Incorrect Default Permissions

There is an out-of-bounds read vulnerability in the IFAA module

CVE-2021-40050 9.8 - Critical - March 10, 2022

There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.

Out-of-bounds Read

There is an unauthorized access vulnerability in system components

CVE-2021-40051 7.5 - High - March 10, 2022

There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.

Exposure of Resource to Wrong Sphere

There is an incorrect buffer size calculation vulnerability in the video framework

CVE-2021-40052 7.5 - High - March 10, 2022

There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

Incorrect Calculation of Buffer Size

There is a permission control vulnerability in the Nearby module

CVE-2021-40053 9.1 - Critical - March 10, 2022

There is a permission control vulnerability in the Nearby module. Successful exploitation of this vulnerability will affect availability and integrity.

Incorrect Default Permissions

There is an integer underflow vulnerability in the atcmdserver module

CVE-2021-40054 7.5 - High - March 10, 2022

There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.

Integer underflow

There is a man-in-the-middle attack vulnerability during system update download in recovery mode

CVE-2021-40055 5.9 - Medium - March 10, 2022

There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.

There is a vulnerability of copying input buffer without checking its size in the video framework

CVE-2021-40056 7.5 - High - March 10, 2022

There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.

Classic Buffer Overflow

There is a memory address out of bounds in smartphones

CVE-2021-22429 9.8 - Critical - February 25, 2022

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

Buffer Overflow

PCManager versions 11.1.1.95 has a privilege escalation vulnerability

CVE-2021-40046 9.8 - Critical - February 25, 2022

PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege.

Improper Privilege Management

There is an improper permission management vulnerability in the Wallet apps

CVE-2021-37103 5.5 - Medium - February 25, 2022

There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality.

Incorrect Default Permissions

There is a DoS vulnerability in smartphones

CVE-2021-37027 7.5 - High - February 25, 2022

There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity.

There is a DoS vulnerability in smartphones

CVE-2021-22489 7.5 - High - February 25, 2022

There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.

The interface of a certain HarmonyOS module has an integer overflow vulnerability

CVE-2021-22480 9.8 - Critical - February 25, 2022

The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow.

Integer Overflow or Wraparound

The interface of a certain HarmonyOS module has an invalid address access vulnerability

CVE-2021-22479 5.5 - Medium - February 25, 2022

The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.

Buffer Overflow

The interface of a certain HarmonyOS module has a UAF vulnerability

CVE-2021-22478 5.5 - Medium - February 25, 2022

The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage.

Dangling pointer

There is an improper verification vulnerability in smartphones

CVE-2021-22448 9.1 - Critical - February 25, 2022

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files.

AuthZ

Some Huawei products have an integer overflow vulnerability

CVE-2021-22441 5.5 - Medium - February 25, 2022

Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.

Integer Overflow or Wraparound

There is a software integer overflow leading to a TOCTOU condition in smartphones

CVE-2021-22437 7 - High - February 25, 2022

There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access.

Integer Overflow or Wraparound

There is a memory address out of bounds in smartphones

CVE-2021-22433 9.8 - Critical - February 25, 2022

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

Buffer Overflow

There is a vulnerability when configuring permission isolation in smartphones

CVE-2021-22432 9.8 - Critical - February 25, 2022

There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

Buffer Overflow

There is a vulnerability when configuring permission isolation in smartphones

CVE-2021-22431 9.8 - Critical - February 25, 2022

There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

Buffer Overflow

There is a logic bypass vulnerability in smartphones

CVE-2021-22430 9.8 - Critical - February 25, 2022

There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection.

Code Injection

There is a memory address out of bounds vulnerability in smartphones

CVE-2021-22434 9.8 - Critical - February 25, 2022

There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

Buffer Overflow

There is a memory address out of bounds in smartphones

CVE-2021-22426 9.8 - Critical - February 25, 2022

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

Buffer Overflow

There is a code injection vulnerability in smartphones

CVE-2021-22395 7.5 - High - February 25, 2022

There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.

Code Injection

There is a buffer overflow vulnerability in smartphones

CVE-2021-22394 9.1 - Critical - February 25, 2022

There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

Classic Buffer Overflow

There is an improper verification vulnerability in smartphones

CVE-2021-22319 7.5 - High - February 25, 2022

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.

Integer Overflow or Wraparound

There is an improper memory access permission configuration on ACPU.Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-37107 5.5 - Medium - February 09, 2022

There is an improper memory access permission configuration on ACPU.Successful exploitation of this vulnerability may cause out-of-bounds access.

Memory Corruption

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37115 5.5 - Medium - February 09, 2022

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.

AuthZ

There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure.

CVE-2021-37109 7.8 - High - February 09, 2022

There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure.

AuthZ

There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-40045 5.5 - Medium - February 09, 2022

There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality.

Improper Verification of Cryptographic Signature

There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations.

CVE-2021-40044 8.8 - High - February 09, 2022

There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations.

AuthZ

There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel stability.

CVE-2021-40015 4.7 - Medium - February 09, 2022

There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel stability.

Race Condition

There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality

CVE-2021-39994 9.8 - Critical - February 09, 2022

There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

AuthZ

There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality

CVE-2021-39992 7.8 - High - February 09, 2022

There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Incorrect Permission Assignment for Critical Resource

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39991 5.5 - Medium - February 09, 2022

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.

AuthZ

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39986 5.5 - Medium - February 09, 2022

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.

AuthZ

There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-39997 9.8 - Critical - February 09, 2022

There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of-bounds access.

Improper Input Validation

The fingerprint module has a security risk of brute force cracking

CVE-2021-40006 4.6 - Medium - January 10, 2022

The fingerprint module has a security risk of brute force cracking. Successful exploitation of this vulnerability may affect data confidentiality.

Inadequate Encryption Strength

There is an uncontrolled resource consumption vulnerability in the display module

CVE-2021-40011 7.5 - High - January 10, 2022

There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity.

Resource Exhaustion

There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones

CVE-2021-40026 7.5 - High - January 10, 2022

There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

Memory Corruption

The bone voice ID TA has a vulnerability in calculating the buffer length

CVE-2021-40027 7.5 - High - January 10, 2022

The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.

Buffer Overflow

The eID module has an out-of-bounds memory write vulnerability

CVE-2021-40028 7.5 - High - January 10, 2022

The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity.

Memory Corruption

There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones

CVE-2021-39996 9.8 - Critical - January 10, 2022

There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.

Memory Corruption

The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution.

CVE-2021-40010 9.8 - Critical - January 10, 2022

The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.