Huawei
Products by Huawei Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 24 vulnerabilities in Huawei with an average score of 7.6 out of ten. Last year Huawei had 238 security vulnerabilities published. Right now, Huawei is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.08.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 24 | 7.57 |
2023 | 238 | 7.49 |
2022 | 303 | 7.56 |
2021 | 255 | 7.33 |
2020 | 14 | 7.10 |
2019 | 12 | 6.93 |
2018 | 5 | 6.26 |
It may take a day or so for new Huawei vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Huawei Security Vulnerabilities
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules)
CVE-2021-33631
7.8 - High
- January 18, 2024
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
Integer Overflow or Wraparound
NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation
CVE-2021-33630
5.5 - Medium
- January 18, 2024
NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.
NULL Pointer Dereference
The Celia Keyboard module has a vulnerability in access control
CVE-2023-52100
7.5 - High
- January 16, 2024
The Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vulnerability may affect availability.
Component exposure vulnerability in the Wi-Fi module
CVE-2023-52101
9.1 - Critical
- January 16, 2024
Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity.
Vulnerability of parameters being not verified in the WMS module
CVE-2023-52102
7.5 - High
- January 16, 2024
Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.
Buffer overflow vulnerability in the FLP module
CVE-2023-52103
9.8 - Critical
- January 16, 2024
Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.
Classic Buffer Overflow
Vulnerability of parameters being not verified in the WMS module
CVE-2023-52104
7.5 - High
- January 16, 2024
Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.
The nearby module has a privilege escalation vulnerability
CVE-2023-52105
7.5 - High
- January 16, 2024
The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.
Improper Privilege Management
The DownloadProviderMain module has a vulnerability in API permission verification
CVE-2023-52106
9.1 - Critical
- January 16, 2024
The DownloadProviderMain module has a vulnerability in API permission verification. Successful exploitation of this vulnerability may affect integrity and availability.
Vulnerability of foreground service restrictions being bypassed in the NMS module
CVE-2023-52099
7.5 - High
- January 16, 2024
Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality.
Denial of Service (DoS) vulnerability in the DMS module
CVE-2023-52098
7.5 - High
- January 16, 2024
Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.
Resource Exhaustion
Vulnerability of permissions being not strictly verified in the WMS module
CVE-2023-52107
7.5 - High
- January 16, 2024
Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.
Incorrect Permission Assignment for Critical Resource
Vulnerability of process priorities being raised in the ActivityManagerService module
CVE-2023-52108
7.5 - High
- January 16, 2024
Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.
Data confidentiality vulnerability in the ScreenReader module
CVE-2023-52114
7.5 - High
- January 16, 2024
Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.
The iaware module has a Use-After-Free (UAF) vulnerability
CVE-2023-52115
7.5 - High
- January 16, 2024
The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions.
Dangling pointer
Permission management vulnerability in the multi-screen interaction module
CVE-2023-52116
7.5 - High
- January 16, 2024
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.
Incorrect Permission Assignment for Critical Resource
The sensor module has an out-of-bounds access vulnerability.Successful exploitation of this vulnerability may affect availability.
CVE-2023-52110
7.5 - High
- January 16, 2024
The sensor module has an out-of-bounds access vulnerability.Successful exploitation of this vulnerability may affect availability.
Memory Corruption
Authorization vulnerability in the BootLoader module
CVE-2023-52111
7.5 - High
- January 16, 2024
Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity.
AuthZ
Unauthorized file access vulnerability in the wallpaper service module
CVE-2023-52112
5.3 - Medium
- January 16, 2024
Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally.
Files or Directories Accessible to External Parties
launchAnyWhere vulnerability in the ActivityManagerService module
CVE-2023-52113
7.5 - High
- January 16, 2024
launchAnyWhere vulnerability in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.
Out-of-bounds access vulnerability in the device authentication module
CVE-2023-44112
7.5 - High
- January 16, 2024
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality.
Out-of-bounds Read
Vulnerability of trust relationships being inaccurate in distributed scenarios
CVE-2023-44117
7.5 - High
- January 16, 2024
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of trust relationships being inaccurate in distributed scenarios
CVE-2023-4566
7.5 - High
- January 16, 2024
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of trust relationships being inaccurate in distributed scenarios
CVE-2023-52109
7.5 - High
- January 16, 2024
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of unauthorized access to email attachments in the email module
CVE-2023-49243
7.5 - High
- December 06, 2023
Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality.
Permission verification vulnerability in distributed scenarios
CVE-2023-49247
7.5 - High
- December 06, 2023
Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
Improper Certificate Validation
Permission management vulnerability in the module for disabling Sound Booster
CVE-2023-6273
5.3 - Medium
- December 06, 2023
Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.
Permission management vulnerability in the multi-user module
CVE-2023-49244
7.5 - High
- December 06, 2023
Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality.
Unauthorized access vulnerability in the Huawei Share module
CVE-2023-49245
7.5 - High
- December 06, 2023
Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality.
Unauthorized access vulnerability in the card management module
CVE-2023-49246
7.5 - High
- December 06, 2023
Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of unauthorized file access in the Settings app
CVE-2023-49248
5.5 - Medium
- December 06, 2023
Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access.
API permission control vulnerability in the network management module
CVE-2023-49241
7.5 - High
- December 06, 2023
API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality.
Free broadcast vulnerability in the running management module
CVE-2023-49242
7.5 - High
- December 06, 2023
Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of data verification errors in the kernel module
CVE-2023-44099
7.5 - High
- December 06, 2023
Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption.
Improper Check for Unusual or Exceptional Conditions
Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module
CVE-2023-44113
7.5 - High
- December 06, 2023
Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.
AuthZ
Permission management vulnerability in the PMS module
CVE-2023-46773
9.8 - Critical
- December 06, 2023
Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.
Incorrect Default Permissions
Unauthorized access vulnerability in the card management module
CVE-2023-49239
7.5 - High
- December 06, 2023
Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
AuthZ
Unauthorized access vulnerability in the launcher module
CVE-2023-49240
7.5 - High
- December 06, 2023
Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.
AuthZ
Permission control vulnerability in the window management module
CVE-2023-46756
5.3 - Medium
- November 08, 2023
Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.
The remote PIN module has a vulnerability
CVE-2023-46757
7.5 - High
- November 08, 2023
The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality.
Permission management vulnerability in the multi-screen interaction module
CVE-2023-46758
7.5 - High
- November 08, 2023
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.
Permission control vulnerability in the call module
CVE-2023-46759
7.5 - High
- November 08, 2023
Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of parameters being out of the value range in the QMI service module
CVE-2023-46772
7.5 - High
- November 08, 2023
Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data.
Memory Corruption
Vulnerability of background app permission management in the framework module
CVE-2023-46763
5.3 - Medium
- November 08, 2023
Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.
Unauthorized startup vulnerability of background apps
CVE-2023-46764
5.3 - Medium
- November 08, 2023
Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.
Vulnerability of uncaught exceptions in the NFC module
CVE-2023-46765
7.5 - High
- November 08, 2023
Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.
Out-of-bounds write vulnerability in the kernel driver module
CVE-2023-46766
7.5 - High
- November 08, 2023
Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.
Memory Corruption
Out-of-bounds write vulnerability in the kernel driver module
CVE-2023-46767
7.5 - High
- November 08, 2023
Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.
Memory Corruption
Vulnerability of uncaught exceptions in the NFC module
CVE-2023-46774
7.5 - High
- November 08, 2023
Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.
Race condition vulnerability in the kernel module
CVE-2022-48613
5.9 - Medium
- November 08, 2023
Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.
Race Condition
Vulnerability of input parameters being not strictly verified in the input
CVE-2023-46755
5.3 - Medium
- November 08, 2023
Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.
Out-of-bounds write vulnerability in the kernel driver module
CVE-2023-46760
7.5 - High
- November 08, 2023
Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.
Memory Corruption
Out-of-bounds write vulnerability in the kernel driver module
CVE-2023-46761
7.5 - High
- November 08, 2023
Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.
Memory Corruption
Out-of-bounds write vulnerability in the kernel driver module
CVE-2023-46762
7.5 - High
- November 08, 2023
Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.
Memory Corruption
Vulnerability of missing encryption in the card management module
CVE-2023-44098
7.5 - High
- November 08, 2023
Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
Missing Encryption of Sensitive Data
Security vulnerability in the face unlock module
CVE-2023-46771
7.5 - High
- November 08, 2023
Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of improper permission control in the Booster module
CVE-2023-44115
7.5 - High
- November 08, 2023
Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Multi-thread vulnerability in the idmap module
CVE-2023-46768
7.5 - High
- November 08, 2023
Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally.
Dangling pointer
Vulnerability of identity verification being bypassed in the face unlock module
CVE-2023-5801
9.1 - Critical
- November 08, 2023
Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.
Authentication Bypass by Spoofing
Use-After-Free (UAF) vulnerability in the dubai module
CVE-2023-46769
7.5 - High
- November 08, 2023
Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability.
Dangling pointer
Out-of-bounds vulnerability in the sensor module
CVE-2023-46770
7.5 - High
- November 08, 2023
Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones.
Memory Corruption
Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.
CVE-2023-44107
9.1 - Critical
- October 11, 2023
Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-44108
7.5 - High
- October 11, 2023
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
Object Type Confusion
Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.
CVE-2023-44116
9.8 - Critical
- October 11, 2023
Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.
Missing Authentication for Critical Function
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2023-44118
9.1 - Critical
- October 11, 2023
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.
Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.
CVE-2023-44119
7.5 - High
- October 11, 2023
Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.
Improper Locking
Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-44105
9.8 - Critical
- October 11, 2023
Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
Improper Privilege Management
Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44114
7.5 - High
- October 11, 2023
Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.
Out-of-bounds Read
Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability
CVE-2023-44095
7.5 - High
- October 11, 2023
Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.
Dangling pointer
Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to
CVE-2023-41304
5.3 - Medium
- October 11, 2023
Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.
Improper Check for Unusual or Exceptional Conditions
Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44097
7.5 - High
- October 11, 2023
Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.
Information Disclosure
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44100
7.5 - High
- October 11, 2023
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
Incorrect Resource Transfer Between Spheres
The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-44101
7.5 - High
- October 11, 2023
The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.
Exposure of Resource to Wrong Sphere
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability
CVE-2023-44102
5.3 - Medium
- October 11, 2023
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.
Exposure of Resource to Wrong Sphere
Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44103
7.5 - High
- October 11, 2023
Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
Out-of-bounds Read
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44104
7.5 - High
- October 11, 2023
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
Incorrect Resource Transfer Between Spheres
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44111
7.5 - High
- October 11, 2023
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
Improper Restriction of Excessive Authentication Attempts
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-44106
9.8 - Critical
- October 11, 2023
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.
Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.
CVE-2023-44110
4.3 - Medium
- October 11, 2023
Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.
Improper Input Validation
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-44094
5.3 - Medium
- October 11, 2023
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
Object Type Confusion
Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44093
7.5 - High
- October 11, 2023
Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44096
7.5 - High
- October 11, 2023
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
Improper Restriction of Excessive Authentication Attempts
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44109
7.5 - High
- October 11, 2023
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.
Broadcast permission control vulnerability in the framework module
CVE-2023-4565
5.3 - Medium
- September 27, 2023
Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.
Incorrect Permission Assignment for Critical Resource
Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module
CVE-2023-41305
7.5 - High
- September 27, 2023
Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.
Inadequate Encryption Strength
Vulnerability of mutex management in the bone voice ID trusted application (TA) module
CVE-2023-41306
3.7 - Low
- September 27, 2023
Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.
Race Condition
Memory overwriting vulnerability in the security module
CVE-2023-41307
7.5 - High
- September 27, 2023
Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability.
Memory Corruption
Screenshot vulnerability in the input module
CVE-2023-41308
7.5 - High
- September 27, 2023
Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.
Permission control vulnerability in the MediaPlaybackController module
CVE-2023-41309
7.5 - High
- September 27, 2023
Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.
Keep-alive vulnerability in the sticky broadcast mechanism
CVE-2023-41310
3.3 - Low
- September 27, 2023
Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.
Resource Exhaustion
Permission control vulnerability in the audio module
CVE-2023-41311
5.3 - Medium
- September 27, 2023
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically.
Permission control vulnerability in the audio module
CVE-2023-41312
5.3 - Medium
- September 27, 2023
Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.
Stability-related vulnerability in the binder background management and control module
CVE-2022-48606
7.5 - High
- September 27, 2023
Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.
NULL Pointer Dereference
Vulnerability of unauthorized API access in the PMS module
CVE-2023-41301
7.5 - High
- September 25, 2023
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.
Command injection vulnerability in the distributed file system module
CVE-2023-41303
7.5 - High
- September 25, 2023
Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.
Command Injection
Redirection permission verification vulnerability in the home screen module
CVE-2023-41302
7.5 - High
- September 25, 2023
Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.
Vulnerability of parameters not being strictly verified in the PMS module
CVE-2023-41300
7.5 - High
- September 25, 2023
Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
Data security classification vulnerability in the DDMP module
CVE-2023-41293
7.5 - High
- September 25, 2023
Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.
Input verification vulnerability in the fingerprint module
CVE-2022-48605
9.8 - Critical
- September 25, 2023
Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.