Huawei
Products by Huawei Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2023 there have been 25 vulnerabilities in Huawei with an average score of 7.5 out of ten. Last year Huawei had 303 security vulnerabilities published. Right now, Huawei is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.02.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 25 | 7.54 |
2022 | 303 | 7.56 |
2021 | 255 | 7.33 |
2020 | 14 | 7.10 |
2019 | 12 | 6.93 |
2018 | 5 | 6.26 |
It may take a day or so for new Huawei vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Huawei Security Vulnerabilities
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability
CVE-2022-48283
9.8 - Critical
- February 27, 2023
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.
AuthZ
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability
CVE-2022-48284
9.8 - Critical
- February 27, 2023
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.
AuthZ
The IHwAttestationService interface has a defect in authentication
CVE-2022-48294
7.5 - High
- February 09, 2023
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
Authentication
The IHwAntiMalPlugin interface lacks permission verification
CVE-2022-48295
7.5 - High
- February 09, 2023
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).
Improper Preservation of Permissions
The SystemUI has a vulnerability in permission management
CVE-2022-48296
5.3 - Medium
- February 09, 2023
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.
Improper Preservation of Permissions
The bundle management module lacks permission verification in some APIs
CVE-2022-48301
7.5 - High
- February 09, 2023
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.
Improper Preservation of Permissions
The phone-PC collaboration module has a logic bypass vulnerability
CVE-2022-48290
9.1 - Critical
- February 09, 2023
The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.
The Bluetooth module has an out-of-memory (OOM) vulnerability
CVE-2022-48292
6.5 - Medium
- February 09, 2023
The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Out-of-bounds Read
The Bluetooth module has an OOM vulnerability
CVE-2022-48293
6.5 - Medium
- February 09, 2023
The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Out-of-bounds Read
The geofencing kernel code has a vulnerability of not verifying the length of the input data
CVE-2022-48297
7.5 - High
- February 09, 2023
The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
Improper Input Validation
The geofencing kernel code does not verify the length of the input data
CVE-2022-48298
7.5 - High
- February 09, 2023
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
Improper Input Validation
The WMS module lacks the authentication mechanism in some APIs
CVE-2022-48299
7.5 - High
- February 09, 2023
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
The WMS module lacks the authentication mechanism in some APIs
CVE-2022-48300
7.5 - High
- February 09, 2023
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48302
7.5 - High
- February 09, 2023
The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality.
AuthZ
The multi-screen collaboration module has a privilege escalation vulnerability
CVE-2022-48286
7.5 - High
- February 09, 2023
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
AuthZ
The HwContacts module has a logic bypass vulnerability
CVE-2022-48287
7.5 - High
- February 09, 2023
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.
The bundle management module lacks authentication and control mechanisms in some APIs
CVE-2022-48288
7.5 - High
- February 09, 2023
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
The bundle management module lacks authentication and control mechanisms in some APIs
CVE-2022-48289
7.5 - High
- February 09, 2023
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
The system has a vulnerability
CVE-2022-46761
7.5 - High
- January 06, 2023
The system has a vulnerability that may cause dynamic hiding and restoring of app icons. Successful exploitation of this vulnerability may cause malicious hiding of app icons.
The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46762
7.5 - High
- January 06, 2023
The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
The Bluetooth AVRCP module has a vulnerability
CVE-2022-47974
6.5 - Medium
- January 06, 2023
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful exploitation of this vulnerability may cause the Bluetooth process to restart.
The DUBAI module has a double free vulnerability
CVE-2022-47975
7.5 - High
- January 06, 2023
The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.
Double-free
The DMSDP module of the distributed hardware has a vulnerability
CVE-2022-47976
7.5 - High
- January 06, 2023
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections.
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.
CVE-2021-46867
7.5 - High
- January 06, 2023
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.
Out-of-bounds Read
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.
CVE-2021-46868
7.5 - High
- January 06, 2023
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access.
Out-of-bounds Read
The multi-screen collaboration module has a path traversal vulnerability
CVE-2021-46856
7.5 - High
- December 20, 2022
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Directory traversal
Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed
CVE-2022-41590
5.5 - Medium
- December 20, 2022
Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability.
Authentication
The backup module has a path traversal vulnerability
CVE-2022-41591
7.5 - High
- December 20, 2022
The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.
Directory traversal
The system tool has inconsistent serialization and deserialization
CVE-2022-41596
7.5 - High
- December 20, 2022
The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.
Marshaling, Unmarshaling
The system service has a vulnerability that causes incorrect return values
CVE-2022-41599
7.5 - High
- December 20, 2022
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.
The TelephonyProvider module has a vulnerability in obtaining values. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46310
7.5 - High
- December 20, 2022
The TelephonyProvider module has a vulnerability in obtaining values. Successful exploitation of this vulnerability may affect data confidentiality.
The contacts component has a free (undefined) provider vulnerability
CVE-2022-46311
7.5 - High
- December 20, 2022
The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity.
Dangling pointer
The application management module has a vulnerability in permission verification
CVE-2022-46312
7.5 - High
- December 20, 2022
The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications.
The sensor privacy module has an authentication vulnerability
CVE-2022-46313
5.3 - Medium
- December 20, 2022
The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone.
Authentication
The IPC module has defects introduced in the design process
CVE-2022-46314
7.5 - High
- December 20, 2022
The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.
The ProfileSDK has defects introduced in the design process
CVE-2022-46315
7.5 - High
- December 20, 2022
The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.
A thread security vulnerability exists in the authentication process
CVE-2022-46316
9.8 - Critical
- December 20, 2022
A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.
Authentication
The power consumption module has an out-of-bounds read vulnerability
CVE-2022-46317
7.5 - High
- December 20, 2022
The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.
Out-of-bounds Read
The HAware module has a function logic error
CVE-2022-46318
5.3 - Medium
- December 20, 2022
The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings.
Fingerprint calibration has a vulnerability of lacking boundary judgment
CVE-2022-46319
9.8 - Critical
- December 20, 2022
Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.
Memory Corruption
The kernel module has an out-of-bounds read vulnerability
CVE-2022-46320
9.8 - Critical
- December 20, 2022
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.
Out-of-bounds Read
The Wi-Fi module has a vulnerability in permission verification
CVE-2022-46321
7.5 - High
- December 20, 2022
The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality.
Some smartphones have the out-of-bounds write vulnerability
CVE-2022-46322
7.5 - High
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-46323
9.8 - Critical
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have the out-of-bounds write vulnerability
CVE-2022-46324
9.8 - Critical
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-46325
9.8 - Critical
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have the out-of-bounds write vulnerability
CVE-2022-46326
9.8 - Critical
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have configuration issues
CVE-2022-46327
9.8 - Critical
- December 20, 2022
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.
Some smartphones have the input validation vulnerability
CVE-2022-46328
7.5 - High
- December 20, 2022
Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Improper Input Validation
After tar_close(), libtar.c releases the memory pointed to by pointer t
CVE-2021-33640
9.8 - Critical
- December 19, 2022
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf). As a result, the released memory is used (use-after-free).
Dangling pointer
The preset launcher module has a permission verification vulnerability
CVE-2022-44561
7.5 - High
- November 09, 2022
The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.
Incorrect Default Permissions
The launcher module has an Intent redirection vulnerability
CVE-2022-44560
5.3 - Medium
- November 09, 2022
The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.
The iaware module has a vulnerability in thread security
CVE-2022-44551
9.8 - Critical
- November 09, 2022
The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
The lock screen module has defects introduced in the design process
CVE-2022-44552
7.5 - High
- November 09, 2022
The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider
CVE-2022-44553
5.3 - Medium
- November 09, 2022
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.
The power module has a vulnerability in permission verification
CVE-2022-44554
7.5 - High
- November 09, 2022
The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.
The DDMP/ODMF module has a service hijacking vulnerability
CVE-2022-44555
7.5 - High
- November 09, 2022
The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.
The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files
CVE-2022-44557
7.5 - High
- November 09, 2022
The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.
The AMS module has a vulnerability of serialization/deserialization mismatch
CVE-2022-44558
9.8 - Critical
- November 09, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Marshaling, Unmarshaling
The AMS module has a vulnerability of serialization/deserialization mismatch
CVE-2022-44559
9.8 - Critical
- November 09, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Marshaling, Unmarshaling
The DRM module has a vulnerability in verifying the secure memory attributes
CVE-2021-46851
9.8 - Critical
- November 09, 2022
The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.
The memory management module has the logic bypass vulnerability
CVE-2021-46852
7.5 - High
- November 09, 2022
The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released
CVE-2022-44546
7.5 - High
- November 09, 2022
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.
The Display Service module has a UAF vulnerability
CVE-2022-44547
7.5 - High
- November 09, 2022
The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.
Dangling pointer
There is a vulnerability in permission verification during the Bluetooth pairing process
CVE-2022-44548
4.3 - Medium
- November 09, 2022
There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.
Incorrect Default Permissions
The LBS module has a vulnerability in geofencing API access
CVE-2022-44549
7.5 - High
- November 09, 2022
The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.
Exposure of Resource to Wrong Sphere
The graphics display module has a UAF vulnerability when traversing graphic layers
CVE-2022-44550
7.5 - High
- November 09, 2022
The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.
The system framework layer has a vulnerability of serialization/deserialization mismatch
CVE-2022-44562
9.8 - Critical
- November 09, 2022
The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Improper Privilege Management
There is a race condition vulnerability in SD upgrade mode
CVE-2022-44563
5.9 - Medium
- November 09, 2022
There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.
Race Condition
Missing parameter type validation in the DRM module
CVE-2022-44556
7.5 - High
- November 08, 2022
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.
Improper Input Validation
The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation of this vulnerability may
CVE-2022-38980
9.8 - Critical
- October 14, 2022
The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.
Memory Corruption
The phones have the heap overflow
CVE-2022-41603
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41602
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41601
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41600
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41598
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41597
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41595
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Memory Corruption
The phones have the heap overflow
CVE-2022-41594
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41593
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41592
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The kernel server has a vulnerability of not verifying the length of the data transferred in the user space. Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel
CVE-2022-41577
7.1 - High
- October 14, 2022
The kernel server has a vulnerability of not verifying the length of the data transferred in the user space. Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability.
Out-of-bounds Read
The rphone module has a script
CVE-2022-41576
7.8 - High
- October 14, 2022
The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.
The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data
CVE-2022-41580
9.8 - Critical
- October 14, 2022
The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
Out-of-bounds Read
The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.
CVE-2022-41578
9.8 - Critical
- October 14, 2022
The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.
Memory Corruption
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may result in arbitrary code execution.
CVE-2022-38983
9.8 - Critical
- October 14, 2022
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may result in arbitrary code execution.
Dangling pointer
The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause information leakage.
CVE-2022-38981
7.5 - High
- October 14, 2022
The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause information leakage.
Out-of-bounds Read
The HISP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read
CVE-2022-38998
7.5 - High
- October 14, 2022
The HISP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.
Out-of-bounds Read
The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-41582
7.5 - High
- October 14, 2022
The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering
CVE-2022-38986
9.1 - Critical
- October 14, 2022
The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.
The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked.
CVE-2022-38982
9.8 - Critical
- October 14, 2022
The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked.
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation of this vulnerability may cause malicious construction of data
CVE-2021-46840
9.1 - Critical
- October 14, 2022
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
Out-of-bounds Read
The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.
CVE-2022-39011
7.5 - High
- October 14, 2022
The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.
The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data
CVE-2022-41581
9.1 - Critical
- October 14, 2022
The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics of this module.
CVE-2022-41583
7.5 - High
- October 14, 2022
The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics of this module.
Out-of-bounds Read
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2022-41584
7.8 - High
- October 14, 2022
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.
Out-of-bounds Read
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2022-41585
7.8 - High
- October 14, 2022
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.
Out-of-bounds Read
The HIPP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read
CVE-2022-38984
7.5 - High
- October 14, 2022
The HIPP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.
Out-of-bounds Read
The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation of this vulnerability may cause malicious construction of data
CVE-2021-46839
9.1 - Critical
- October 14, 2022
The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
Out-of-bounds Read
The HwAirlink module has a heap overflow vulnerability. Successful exploitation of this vulnerability may cause out-of-bounds writes
CVE-2022-38977
7.5 - High
- October 14, 2022
The HwAirlink module has a heap overflow vulnerability. Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data.
Memory Corruption