Huawei Emui
By the Year
In 2023 there have been 22 vulnerabilities in Huawei Emui with an average score of 7.3 out of ten. Last year Emui had 237 security vulnerabilities published. Right now, Emui is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.30
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 22 | 7.26 |
2022 | 237 | 7.57 |
2021 | 140 | 7.62 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Emui vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Huawei Emui Security Vulnerabilities
The IHwAttestationService interface has a defect in authentication
CVE-2022-48294
7.5 - High
- February 09, 2023
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
authentification
The IHwAntiMalPlugin interface lacks permission verification
CVE-2022-48295
7.5 - High
- February 09, 2023
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).
Improper Preservation of Permissions
The SystemUI has a vulnerability in permission management
CVE-2022-48296
5.3 - Medium
- February 09, 2023
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.
Improper Preservation of Permissions
The bundle management module lacks permission verification in some APIs
CVE-2022-48301
7.5 - High
- February 09, 2023
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.
Improper Preservation of Permissions
The Bluetooth module has an out-of-memory (OOM) vulnerability
CVE-2022-48292
6.5 - Medium
- February 09, 2023
The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Out-of-bounds Read
The Bluetooth module has an OOM vulnerability
CVE-2022-48293
6.5 - Medium
- February 09, 2023
The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Out-of-bounds Read
The geofencing kernel code has a vulnerability of not verifying the length of the input data
CVE-2022-48297
7.5 - High
- February 09, 2023
The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
Improper Input Validation
The geofencing kernel code does not verify the length of the input data
CVE-2022-48298
7.5 - High
- February 09, 2023
The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
Improper Input Validation
The WMS module lacks the authentication mechanism in some APIs
CVE-2022-48299
7.5 - High
- February 09, 2023
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
The WMS module lacks the authentication mechanism in some APIs
CVE-2022-48300
7.5 - High
- February 09, 2023
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48302
7.5 - High
- February 09, 2023
The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.
AuthZ
The multi-screen collaboration module has a privilege escalation vulnerability
CVE-2022-48286
7.5 - High
- February 09, 2023
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
AuthZ
The HwContacts module has a logic bypass vulnerability
CVE-2022-48287
7.5 - High
- February 09, 2023
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.
The bundle management module lacks authentication and control mechanisms in some APIs
CVE-2022-48288
7.5 - High
- February 09, 2023
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
The bundle management module lacks authentication and control mechanisms in some APIs
CVE-2022-48289
7.5 - High
- February 09, 2023
The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
The system has a vulnerability
CVE-2022-46761
7.5 - High
- January 06, 2023
The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.
The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46762
7.5 - High
- January 06, 2023
The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
The Bluetooth AVRCP module has a vulnerability
CVE-2022-47974
6.5 - Medium
- January 06, 2023
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.
The DUBAI module has a double free vulnerability
CVE-2022-47975
7.5 - High
- January 06, 2023
The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.
Double-free
The DMSDP module of the distributed hardware has a vulnerability
CVE-2022-47976
7.5 - High
- January 06, 2023
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
CVE-2021-46867
7.5 - High
- January 06, 2023
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
Out-of-bounds Read
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
CVE-2021-46868
7.5 - High
- January 06, 2023
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
Out-of-bounds Read
The multi-screen collaboration module has a path traversal vulnerability
CVE-2021-46856
7.5 - High
- December 20, 2022
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Directory traversal
The backup module has a path traversal vulnerability
CVE-2022-41591
7.5 - High
- December 20, 2022
The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.
Directory traversal
The system tool has inconsistent serialization and deserialization
CVE-2022-41596
7.5 - High
- December 20, 2022
The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.
Marshaling, Unmarshaling
The system service has a vulnerability that causes incorrect return values
CVE-2022-41599
7.5 - High
- December 20, 2022
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.
The application management module has a vulnerability in permission verification
CVE-2022-46312
7.5 - High
- December 20, 2022
The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications.
The power consumption module has an out-of-bounds read vulnerability
CVE-2022-46317
7.5 - High
- December 20, 2022
The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.
Out-of-bounds Read
The HAware module has a function logic error
CVE-2022-46318
5.3 - Medium
- December 20, 2022
The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings.
Fingerprint calibration has a vulnerability of lacking boundary judgment
CVE-2022-46319
9.8 - Critical
- December 20, 2022
Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.
Memory Corruption
The kernel module has an out-of-bounds read vulnerability
CVE-2022-46320
9.8 - Critical
- December 20, 2022
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.
Out-of-bounds Read
The Wi-Fi module has a vulnerability in permission verification
CVE-2022-46321
7.5 - High
- December 20, 2022
The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality.
Some smartphones have the out-of-bounds write vulnerability
CVE-2022-46322
7.5 - High
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-46323
9.8 - Critical
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have the out-of-bounds write vulnerability
CVE-2022-46324
9.8 - Critical
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-46325
9.8 - Critical
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have the out-of-bounds write vulnerability
CVE-2022-46326
9.8 - Critical
- December 20, 2022
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
Memory Corruption
Some smartphones have configuration issues
CVE-2022-46327
9.8 - Critical
- December 20, 2022
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.
Some smartphones have the input validation vulnerability
CVE-2022-46328
7.5 - High
- December 20, 2022
Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Improper Input Validation
The memory management module has the logic bypass vulnerability
CVE-2021-46852
7.5 - High
- November 09, 2022
The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Missing Authentication for Critical Function
There is a race condition vulnerability in SD upgrade mode
CVE-2022-44563
5.9 - Medium
- November 09, 2022
There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.
Race Condition
The system framework layer has a vulnerability of serialization/deserialization mismatch
CVE-2022-44562
9.8 - Critical
- November 09, 2022
The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Improper Privilege Management
The graphics display module has a UAF vulnerability when traversing graphic layers
CVE-2022-44550
7.5 - High
- November 09, 2022
The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.
The LBS module has a vulnerability in geofencing API access
CVE-2022-44549
7.5 - High
- November 09, 2022
The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.
Exposure of Resource to Wrong Sphere
There is a vulnerability in permission verification during the Bluetooth pairing process
CVE-2022-44548
4.3 - Medium
- November 09, 2022
There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.
Incorrect Default Permissions
The Display Service module has a UAF vulnerability
CVE-2022-44547
7.5 - High
- November 09, 2022
The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.
Dangling pointer
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released
CVE-2022-44546
7.5 - High
- November 09, 2022
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.
The DRM module has a vulnerability in verifying the secure memory attributes
CVE-2021-46851
9.8 - Critical
- November 09, 2022
The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.
The AMS module has a vulnerability of serialization/deserialization mismatch
CVE-2022-44559
9.8 - Critical
- November 09, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Marshaling, Unmarshaling
The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files
CVE-2022-44557
7.5 - High
- November 09, 2022
The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.
The DDMP/ODMF module has a service hijacking vulnerability
CVE-2022-44555
7.5 - High
- November 09, 2022
The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.
The power module has a vulnerability in permission verification
CVE-2022-44554
7.5 - High
- November 09, 2022
The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider
CVE-2022-44553
5.3 - Medium
- November 09, 2022
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.
The lock screen module has defects introduced in the design process
CVE-2022-44552
7.5 - High
- November 09, 2022
The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.
The iaware module has a vulnerability in thread security
CVE-2022-44551
9.8 - Critical
- November 09, 2022
The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
The launcher module has an Intent redirection vulnerability
CVE-2022-44560
5.3 - Medium
- November 09, 2022
The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.
The preset launcher module has a permission verification vulnerability
CVE-2022-44561
7.5 - High
- November 09, 2022
The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.
Incorrect Default Permissions
The AMS module has a vulnerability of serialization/deserialization mismatch
CVE-2022-44558
9.8 - Critical
- November 09, 2022
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Marshaling, Unmarshaling
Missing parameter type validation in the DRM module
CVE-2022-44556
7.5 - High
- November 08, 2022
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.
Improper Input Validation
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.
CVE-2022-38983
9.8 - Critical
- October 14, 2022
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.
Dangling pointer
The phones have the heap overflow
CVE-2022-41603
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41602
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41601
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41600
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41598
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41597
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41595
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Memory Corruption
The phones have the heap overflow
CVE-2022-41594
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41593
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The phones have the heap overflow
CVE-2022-41592
3.4 - Low
- October 14, 2022
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
Out-of-bounds Read
The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel
CVE-2022-41577
7.1 - High
- October 14, 2022
The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability.
Out-of-bounds Read
The rphone module has a script
CVE-2022-41576
7.8 - High
- October 14, 2022
The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data
CVE-2022-41580
9.8 - Critical
- October 14, 2022
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
Out-of-bounds Read
The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.
CVE-2022-41578
9.8 - Critical
- October 14, 2022
The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.
Memory Corruption
The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read
CVE-2022-38998
7.5 - High
- October 14, 2022
The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.
Out-of-bounds Read
The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering
CVE-2022-38986
9.1 - Critical
- October 14, 2022
The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.
The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read
CVE-2022-38984
7.5 - High
- October 14, 2022
The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.
Out-of-bounds Read
The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data
CVE-2021-46839
9.1 - Critical
- October 14, 2022
The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
Out-of-bounds Read
The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.
CVE-2022-41589
7.5 - High
- October 14, 2022
The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.
The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.
CVE-2022-41588
7.5 - High
- October 14, 2022
The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.
Uncaptured exceptions in the home screen module
CVE-2022-41587
5.3 - Medium
- October 14, 2022
Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability.
Improper Check for Unusual or Exceptional Conditions
The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-41586
7.5 - High
- October 14, 2022
The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2022-41585
7.8 - High
- October 14, 2022
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
Out-of-bounds Read
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2022-41584
7.8 - High
- October 14, 2022
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
Out-of-bounds Read
The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.
CVE-2022-41583
7.5 - High
- October 14, 2022
The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.
Out-of-bounds Read
The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.
CVE-2022-41582
7.5 - High
- October 14, 2022
The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data
CVE-2022-41581
9.1 - Critical
- October 14, 2022
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.
CVE-2022-39011
7.5 - High
- October 14, 2022
The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data
CVE-2021-46840
9.1 - Critical
- October 14, 2022
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
Out-of-bounds Read
The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38985
7.5 - High
- October 14, 2022
The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.
Improper Input Validation
Configuration defects in the secure OS module
CVE-2021-40023
7.5 - High
- September 16, 2022
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.
Implementation of the WLAN module interfaces has the information disclosure vulnerability
CVE-2021-40024
7.5 - High
- September 16, 2022
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Implementation of the WLAN module interfaces has the information disclosure vulnerability
CVE-2021-46836
7.5 - High
- September 16, 2022
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
The secure OS module has configuration defects
CVE-2022-38978
7.5 - High
- September 16, 2022
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
The secure OS module has configuration defects
CVE-2022-38979
7.5 - High
- September 16, 2022
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
The secure OS module has configuration defects
CVE-2022-38987
7.5 - High
- September 16, 2022
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
The secure OS module has configuration defects
CVE-2022-38988
7.5 - High
- September 16, 2022
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
The secure OS module has configuration defects
CVE-2022-38989
7.5 - High
- September 16, 2022
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
The MPTCP module has the memory leak vulnerability
CVE-2022-39005
7.5 - High
- September 16, 2022
The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.
Memory Leak
The secure OS module has configuration defects
CVE-2022-38995
7.5 - High
- September 16, 2022
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Huawei Emui or by Huawei? Click the Watch button to subscribe.
