Huawei

The preset launcher module has a permission verification vulnerability

CVE-2022-44561 7.5 - High - November 09, 2022

The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.

Incorrect Default Permissions

The launcher module has an Intent redirection vulnerability

CVE-2022-44560 5.3 - Medium - November 09, 2022

The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.

The iaware module has a vulnerability in thread security

CVE-2022-44551 9.8 - Critical - November 09, 2022

The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

The lock screen module has defects introduced in the design process

CVE-2022-44552 7.5 - High - November 09, 2022

The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider

CVE-2022-44553 5.3 - Medium - November 09, 2022

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.

The power module has a vulnerability in permission verification

CVE-2022-44554 7.5 - High - November 09, 2022

The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.

The DDMP/ODMF module has a service hijacking vulnerability

CVE-2022-44555 7.5 - High - November 09, 2022

The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files

CVE-2022-44557 7.5 - High - November 09, 2022

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.

The AMS module has a vulnerability of serialization/deserialization mismatch

CVE-2022-44558 9.8 - Critical - November 09, 2022

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Marshaling, Unmarshaling

The AMS module has a vulnerability of serialization/deserialization mismatch

CVE-2022-44559 9.8 - Critical - November 09, 2022

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Marshaling, Unmarshaling

The DRM module has a vulnerability in verifying the secure memory attributes

CVE-2021-46851 9.8 - Critical - November 09, 2022

The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.

The memory management module has the logic bypass vulnerability

CVE-2021-46852 7.5 - High - November 09, 2022

The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released

CVE-2022-44546 7.5 - High - November 09, 2022

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.

The Display Service module has a UAF vulnerability

CVE-2022-44547 7.5 - High - November 09, 2022

The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.

Dangling pointer

There is a vulnerability in permission verification during the Bluetooth pairing process

CVE-2022-44548 4.3 - Medium - November 09, 2022

There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.

Incorrect Default Permissions

The LBS module has a vulnerability in geofencing API access

CVE-2022-44549 7.5 - High - November 09, 2022

The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.

Exposure of Resource to Wrong Sphere

The graphics display module has a UAF vulnerability when traversing graphic layers

CVE-2022-44550 7.5 - High - November 09, 2022

The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.

The system framework layer has a vulnerability of serialization/deserialization mismatch

CVE-2022-44562 9.8 - Critical - November 09, 2022

The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Improper Privilege Management

There is a race condition vulnerability in SD upgrade mode

CVE-2022-44563 5.9 - Medium - November 09, 2022

There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.

Race Condition

Missing parameter type validation in the DRM module

CVE-2022-44556 7.5 - High - November 08, 2022

Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.

Improper Input Validation

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may

CVE-2022-38980 9.8 - Critical - October 14, 2022

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.

Memory Corruption

The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.

CVE-2022-38982 9.8 - Critical - October 14, 2022

The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.

The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2021-46840 9.1 - Critical - October 14, 2022

The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Out-of-bounds Read

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

CVE-2022-39011 7.5 - High - October 14, 2022

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2022-41581 9.1 - Critical - October 14, 2022

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.

CVE-2022-41582 7.5 - High - October 14, 2022

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.

The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.

CVE-2022-41583 7.5 - High - October 14, 2022

The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.

Out-of-bounds Read

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

CVE-2022-41584 7.8 - High - October 14, 2022

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

Out-of-bounds Read

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

CVE-2022-41585 7.8 - High - October 14, 2022

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

Out-of-bounds Read

The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-41586 7.5 - High - October 14, 2022

The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.

Uncaptured exceptions in the home screen module

CVE-2022-41587 5.3 - Medium - October 14, 2022

Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.

Improper Check for Unusual or Exceptional Conditions

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.

CVE-2022-41588 7.5 - High - October 14, 2022

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.

CVE-2022-41589 7.5 - High - October 14, 2022

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.

The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2021-46839 9.1 - Critical - October 14, 2022

The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Out-of-bounds Read

The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes

CVE-2022-38977 7.5 - High - October 14, 2022

The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data.

Memory Corruption

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read

CVE-2022-38984 7.5 - High - October 14, 2022

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Out-of-bounds Read

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38985 7.5 - High - October 14, 2022

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.

Improper Input Validation

The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering

CVE-2022-38986 9.1 - Critical - October 14, 2022

The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read

CVE-2022-38998 7.5 - High - October 14, 2022

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Out-of-bounds Read

The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage.

CVE-2022-38981 7.5 - High - October 14, 2022

The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage.

Out-of-bounds Read

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

CVE-2022-38983 9.8 - Critical - October 14, 2022

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

Dangling pointer

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

CVE-2022-41578 9.8 - Critical - October 14, 2022

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

Memory Corruption

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2022-41580 9.8 - Critical - October 14, 2022

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Out-of-bounds Read

The rphone module has a script

CVE-2022-41576 7.8 - High - October 14, 2022

The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.

The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel

CVE-2022-41577 7.1 - High - October 14, 2022

The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41592 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41593 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41594 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41595 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Memory Corruption

The phones have the heap overflow

CVE-2022-41597 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41598 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41600 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41601 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41602 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41603 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

Out-of-bounds heap read vulnerability in the HW_KEYMASTER module

CVE-2021-40019 9.1 - Critical - September 16, 2022

Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.

Out-of-bounds Read

The secure OS module has configuration defects

CVE-2022-38997 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38996 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38995 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38994 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38993 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38992 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38991 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38990 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38989 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38988 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38987 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38979 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38978 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Implementation of the WLAN module interfaces has the information disclosure vulnerability

CVE-2021-46836 7.5 - High - September 16, 2022

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Implementation of the WLAN module interfaces has the information disclosure vulnerability

CVE-2021-40024 7.5 - High - September 16, 2022

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Configuration defects in the secure OS module

CVE-2021-40023 7.5 - High - September 16, 2022

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

The HW_KEYMASTER module lacks the validity check of the key format

CVE-2021-40017 9.8 - Critical - September 16, 2022

The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

Buffer Overflow

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

CVE-2022-39000 9.8 - Critical - September 16, 2022

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

The AOD module has the improper update of reference count vulnerability

CVE-2022-38999 9.8 - Critical - September 16, 2022

The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

Out-of-bounds write vulnerability in the kernel modules

CVE-2020-36601 7.5 - High - September 16, 2022

Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot.

Memory Corruption

Out-of-bounds write vulnerability in the power consumption module

CVE-2020-36600 7.5 - High - September 16, 2022

Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.

Memory Corruption

The NFC module has bundle serialization/deserialization vulnerabilities

CVE-2022-39008 9.1 - Critical - September 16, 2022

The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.

Marshaling, Unmarshaling

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-39007 9.8 - Critical - September 16, 2022

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.

authentification

The MPTCP module has the race condition vulnerability

CVE-2022-39006 5.9 - Medium - September 16, 2022

The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.

Race Condition

The MPTCP module has the memory leak vulnerability

CVE-2022-39005 7.5 - High - September 16, 2022

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

Memory Leak

The MPTCP module has the memory leak vulnerability

CVE-2022-39004 7.5 - High - September 16, 2022

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

Memory Leak

Buffer overflow vulnerability in the video framework

CVE-2022-39003 9.1 - Critical - September 16, 2022

Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.

Classic Buffer Overflow

Double free vulnerability in the storage module

CVE-2022-39002 9.8 - Critical - September 16, 2022

Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.

Double-free

The number identification module has a path traversal vulnerability

CVE-2022-39001 7.5 - High - September 16, 2022

The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.

Directory traversal

The HwChrService module has a vulnerability in permission control

CVE-2022-39010 7.5 - High - September 16, 2022

The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.

The WLAN module has a vulnerability in permission verification

CVE-2022-39009 9.8 - Critical - September 16, 2022

The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.

authentification

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE)

CVE-2022-37004 7.5 - High - August 10, 2022

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability.

The recovery module has a vulnerability of bypassing the verification of an update package before use

CVE-2022-37008 7.5 - High - August 10, 2022

The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability.

Insufficient Verification of Data Authenticity

The chinadrm module has an out-of-bounds read vulnerability

CVE-2022-37007 7.5 - High - August 10, 2022

The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability.

Out-of-bounds Read

Permission control vulnerability in the network module

CVE-2022-37006 7.5 - High - August 10, 2022

Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability.

Incorrect Default Permissions

The Settings application has an argument injection vulnerability

CVE-2022-37005 7.5 - High - August 10, 2022

The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Argument Injection

The AOD module has a vulnerability in permission assignment

CVE-2022-37003 9.8 - Critical - August 10, 2022

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.

Incorrect Default Permissions

The SystemUI module has a privilege escalation vulnerability

CVE-2022-37002 9.8 - Critical - August 10, 2022

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.

AuthZ

The diag-router module has a vulnerability in intercepting excessive long and short instructions

CVE-2022-37001 7.5 - High - August 10, 2022

The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash.

The video framework has the memory overwriting vulnerability caused by addition overflow

CVE-2021-40034 7.5 - High - August 10, 2022

The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability.

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module

CVE-2021-40040 7.5 - High - August 10, 2022

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.

The My HUAWEI app has a defect in the design

CVE-2021-40030 7.5 - High - August 10, 2022

The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality.

The th_read() function doesnt free a variable t->th_buf.gnu_longname after allocating memory

CVE-2021-33646 7.5 - High - August 10, 2022

The th_read() function doesnt free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

Memory Leak

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname

CVE-2021-33644 8.1 - High - August 10, 2022

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

Out-of-bounds Read