Huawei Emui

The IHwAttestationService interface has a defect in authentication

CVE-2022-48294 7.5 - High - February 09, 2023

The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.

authentification

The IHwAntiMalPlugin interface lacks permission verification

CVE-2022-48295 7.5 - High - February 09, 2023

The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).

Improper Preservation of Permissions

The SystemUI has a vulnerability in permission management

CVE-2022-48296 5.3 - Medium - February 09, 2023

The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.

Improper Preservation of Permissions

The bundle management module lacks permission verification in some APIs

CVE-2022-48301 7.5 - High - February 09, 2023

The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.

Improper Preservation of Permissions

The Bluetooth module has an out-of-memory (OOM) vulnerability

CVE-2022-48292 6.5 - Medium - February 09, 2023

The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Out-of-bounds Read

The Bluetooth module has an OOM vulnerability

CVE-2022-48293 6.5 - Medium - February 09, 2023

The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Out-of-bounds Read

The geofencing kernel code has a vulnerability of not verifying the length of the input data

CVE-2022-48297 7.5 - High - February 09, 2023

The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

Improper Input Validation

The geofencing kernel code does not verify the length of the input data

CVE-2022-48298 7.5 - High - February 09, 2023

The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

Improper Input Validation

The WMS module lacks the authentication mechanism in some APIs

CVE-2022-48299 7.5 - High - February 09, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The WMS module lacks the authentication mechanism in some APIs

CVE-2022-48300 7.5 - High - February 09, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48302 7.5 - High - February 09, 2023

The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.

AuthZ

The multi-screen collaboration module has a privilege escalation vulnerability

CVE-2022-48286 7.5 - High - February 09, 2023

The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

AuthZ

The HwContacts module has a logic bypass vulnerability

CVE-2022-48287 7.5 - High - February 09, 2023

The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.

The bundle management module lacks authentication and control mechanisms in some APIs

CVE-2022-48288 7.5 - High - February 09, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The bundle management module lacks authentication and control mechanisms in some APIs

CVE-2022-48289 7.5 - High - February 09, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The system has a vulnerability

CVE-2022-46761 7.5 - High - January 06, 2023

The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.

The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-46762 7.5 - High - January 06, 2023

The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

The Bluetooth AVRCP module has a vulnerability

CVE-2022-47974 6.5 - Medium - January 06, 2023

The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.

The DUBAI module has a double free vulnerability

CVE-2022-47975 7.5 - High - January 06, 2023

The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.

Double-free

The DMSDP module of the distributed hardware has a vulnerability

CVE-2022-47976 7.5 - High - January 06, 2023

The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2021-46867 7.5 - High - January 06, 2023

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

Out-of-bounds Read

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2021-46868 7.5 - High - January 06, 2023

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

Out-of-bounds Read

The multi-screen collaboration module has a path traversal vulnerability

CVE-2021-46856 7.5 - High - December 20, 2022

The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Directory traversal

The backup module has a path traversal vulnerability

CVE-2022-41591 7.5 - High - December 20, 2022

The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.

Directory traversal

The system tool has inconsistent serialization and deserialization

CVE-2022-41596 7.5 - High - December 20, 2022

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.

Marshaling, Unmarshaling

The system service has a vulnerability that causes incorrect return values

CVE-2022-41599 7.5 - High - December 20, 2022

The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.

The application management module has a vulnerability in permission verification

CVE-2022-46312 7.5 - High - December 20, 2022

The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications.

The power consumption module has an out-of-bounds read vulnerability

CVE-2022-46317 7.5 - High - December 20, 2022

The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.

Out-of-bounds Read

The HAware module has a function logic error

CVE-2022-46318 5.3 - Medium - December 20, 2022

The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings.

Fingerprint calibration has a vulnerability of lacking boundary judgment

CVE-2022-46319 9.8 - Critical - December 20, 2022

Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.

Memory Corruption

The kernel module has an out-of-bounds read vulnerability

CVE-2022-46320 9.8 - Critical - December 20, 2022

The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.

Out-of-bounds Read

The Wi-Fi module has a vulnerability in permission verification

CVE-2022-46321 7.5 - High - December 20, 2022

The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality.

Some smartphones have the out-of-bounds write vulnerability

CVE-2022-46322 7.5 - High - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

CVE-2022-46323 9.8 - Critical - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have the out-of-bounds write vulnerability

CVE-2022-46324 9.8 - Critical - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

CVE-2022-46325 9.8 - Critical - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have the out-of-bounds write vulnerability

CVE-2022-46326 9.8 - Critical - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have configuration issues

CVE-2022-46327 9.8 - Critical - December 20, 2022

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.

Some smartphones have the input validation vulnerability

CVE-2022-46328 7.5 - High - December 20, 2022

Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Improper Input Validation

The memory management module has the logic bypass vulnerability

CVE-2021-46852 7.5 - High - November 09, 2022

The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

There is a race condition vulnerability in SD upgrade mode

CVE-2022-44563 5.9 - Medium - November 09, 2022

There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.

Race Condition

The system framework layer has a vulnerability of serialization/deserialization mismatch

CVE-2022-44562 9.8 - Critical - November 09, 2022

The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Improper Privilege Management

The graphics display module has a UAF vulnerability when traversing graphic layers

CVE-2022-44550 7.5 - High - November 09, 2022

The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.

The LBS module has a vulnerability in geofencing API access

CVE-2022-44549 7.5 - High - November 09, 2022

The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.

Exposure of Resource to Wrong Sphere

There is a vulnerability in permission verification during the Bluetooth pairing process

CVE-2022-44548 4.3 - Medium - November 09, 2022

There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.

Incorrect Default Permissions

The Display Service module has a UAF vulnerability

CVE-2022-44547 7.5 - High - November 09, 2022

The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.

Dangling pointer

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released

CVE-2022-44546 7.5 - High - November 09, 2022

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.

The DRM module has a vulnerability in verifying the secure memory attributes

CVE-2021-46851 9.8 - Critical - November 09, 2022

The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.

The AMS module has a vulnerability of serialization/deserialization mismatch

CVE-2022-44559 9.8 - Critical - November 09, 2022

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Marshaling, Unmarshaling

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files

CVE-2022-44557 7.5 - High - November 09, 2022

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.

The DDMP/ODMF module has a service hijacking vulnerability

CVE-2022-44555 7.5 - High - November 09, 2022

The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.

The power module has a vulnerability in permission verification

CVE-2022-44554 7.5 - High - November 09, 2022

The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider

CVE-2022-44553 5.3 - Medium - November 09, 2022

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.

The lock screen module has defects introduced in the design process

CVE-2022-44552 7.5 - High - November 09, 2022

The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

The iaware module has a vulnerability in thread security

CVE-2022-44551 9.8 - Critical - November 09, 2022

The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

The launcher module has an Intent redirection vulnerability

CVE-2022-44560 5.3 - Medium - November 09, 2022

The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.

The preset launcher module has a permission verification vulnerability

CVE-2022-44561 7.5 - High - November 09, 2022

The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.

Incorrect Default Permissions

The AMS module has a vulnerability of serialization/deserialization mismatch

CVE-2022-44558 9.8 - Critical - November 09, 2022

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Marshaling, Unmarshaling

Missing parameter type validation in the DRM module

CVE-2022-44556 7.5 - High - November 08, 2022

Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.

Improper Input Validation

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

CVE-2022-38983 9.8 - Critical - October 14, 2022

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

Dangling pointer

The phones have the heap overflow

CVE-2022-41603 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41602 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41601 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41600 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41598 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41597 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41595 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Memory Corruption

The phones have the heap overflow

CVE-2022-41594 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41593 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41592 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel

CVE-2022-41577 7.1 - High - October 14, 2022

The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability.

Out-of-bounds Read

The rphone module has a script

CVE-2022-41576 7.8 - High - October 14, 2022

The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2022-41580 9.8 - Critical - October 14, 2022

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Out-of-bounds Read

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

CVE-2022-41578 9.8 - Critical - October 14, 2022

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

Memory Corruption

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read

CVE-2022-38998 7.5 - High - October 14, 2022

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Out-of-bounds Read

The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering

CVE-2022-38986 9.1 - Critical - October 14, 2022

The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read

CVE-2022-38984 7.5 - High - October 14, 2022

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Out-of-bounds Read

The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2021-46839 9.1 - Critical - October 14, 2022

The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Out-of-bounds Read

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.

CVE-2022-41589 7.5 - High - October 14, 2022

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.

CVE-2022-41588 7.5 - High - October 14, 2022

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.

Uncaptured exceptions in the home screen module

CVE-2022-41587 5.3 - Medium - October 14, 2022

Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.

Improper Check for Unusual or Exceptional Conditions

The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-41586 7.5 - High - October 14, 2022

The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

CVE-2022-41585 7.8 - High - October 14, 2022

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

Out-of-bounds Read

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

CVE-2022-41584 7.8 - High - October 14, 2022

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

Out-of-bounds Read

The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.

CVE-2022-41583 7.5 - High - October 14, 2022

The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.

Out-of-bounds Read

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.

CVE-2022-41582 7.5 - High - October 14, 2022

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2022-41581 9.1 - Critical - October 14, 2022

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

CVE-2022-39011 7.5 - High - October 14, 2022

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2021-46840 9.1 - Critical - October 14, 2022

The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Out-of-bounds Read

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38985 7.5 - High - October 14, 2022

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.

Improper Input Validation

Configuration defects in the secure OS module

CVE-2021-40023 7.5 - High - September 16, 2022

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

Implementation of the WLAN module interfaces has the information disclosure vulnerability

CVE-2021-40024 7.5 - High - September 16, 2022

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Implementation of the WLAN module interfaces has the information disclosure vulnerability

CVE-2021-46836 7.5 - High - September 16, 2022

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38978 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38979 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38987 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38988 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38989 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The MPTCP module has the memory leak vulnerability

CVE-2022-39005 7.5 - High - September 16, 2022

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

Memory Leak

The secure OS module has configuration defects

CVE-2022-38995 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.