Huawei Harmonyos

The IHwAttestationService interface has a defect in authentication

CVE-2022-48294 7.5 - High - February 09, 2023

The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.

authentification

The IHwAntiMalPlugin interface lacks permission verification

CVE-2022-48295 7.5 - High - February 09, 2023

The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).

Improper Preservation of Permissions

The SystemUI has a vulnerability in permission management

CVE-2022-48296 5.3 - Medium - February 09, 2023

The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.

Improper Preservation of Permissions

The bundle management module lacks permission verification in some APIs

CVE-2022-48301 7.5 - High - February 09, 2023

The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.

Improper Preservation of Permissions

The phone-PC collaboration module has a logic bypass vulnerability

CVE-2022-48290 9.1 - Critical - February 09, 2023

The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.

The Bluetooth module has an out-of-memory (OOM) vulnerability

CVE-2022-48292 6.5 - Medium - February 09, 2023

The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Out-of-bounds Read

The Bluetooth module has an OOM vulnerability

CVE-2022-48293 6.5 - Medium - February 09, 2023

The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Out-of-bounds Read

The geofencing kernel code has a vulnerability of not verifying the length of the input data

CVE-2022-48297 7.5 - High - February 09, 2023

The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

Improper Input Validation

The geofencing kernel code does not verify the length of the input data

CVE-2022-48298 7.5 - High - February 09, 2023

The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

Improper Input Validation

The WMS module lacks the authentication mechanism in some APIs

CVE-2022-48299 7.5 - High - February 09, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The WMS module lacks the authentication mechanism in some APIs

CVE-2022-48300 7.5 - High - February 09, 2023

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48302 7.5 - High - February 09, 2023

The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.

AuthZ

The multi-screen collaboration module has a privilege escalation vulnerability

CVE-2022-48286 7.5 - High - February 09, 2023

The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

AuthZ

The HwContacts module has a logic bypass vulnerability

CVE-2022-48287 7.5 - High - February 09, 2023

The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.

The bundle management module lacks authentication and control mechanisms in some APIs

CVE-2022-48288 7.5 - High - February 09, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The bundle management module lacks authentication and control mechanisms in some APIs

CVE-2022-48289 7.5 - High - February 09, 2023

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The system has a vulnerability

CVE-2022-46761 7.5 - High - January 06, 2023

The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.

The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-46762 7.5 - High - January 06, 2023

The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

The Bluetooth AVRCP module has a vulnerability

CVE-2022-47974 6.5 - Medium - January 06, 2023

The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.

The DUBAI module has a double free vulnerability

CVE-2022-47975 7.5 - High - January 06, 2023

The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.

Double-free

The DMSDP module of the distributed hardware has a vulnerability

CVE-2022-47976 7.5 - High - January 06, 2023

The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2021-46867 7.5 - High - January 06, 2023

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

Out-of-bounds Read

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2021-46868 7.5 - High - January 06, 2023

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

Out-of-bounds Read

The multi-screen collaboration module has a path traversal vulnerability

CVE-2021-46856 7.5 - High - December 20, 2022

The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Directory traversal

Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed

CVE-2022-41590 5.5 - Medium - December 20, 2022

Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability.

authentification

The backup module has a path traversal vulnerability

CVE-2022-41591 7.5 - High - December 20, 2022

The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.

Directory traversal

The system tool has inconsistent serialization and deserialization

CVE-2022-41596 7.5 - High - December 20, 2022

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.

Marshaling, Unmarshaling

The system service has a vulnerability that causes incorrect return values

CVE-2022-41599 7.5 - High - December 20, 2022

The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.

The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-46310 7.5 - High - December 20, 2022

The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality.

The contacts component has a free (undefined) provider vulnerability

CVE-2022-46311 7.5 - High - December 20, 2022

The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity.

Dangling pointer

The application management module has a vulnerability in permission verification

CVE-2022-46312 7.5 - High - December 20, 2022

The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications.

The sensor privacy module has an authentication vulnerability

CVE-2022-46313 5.3 - Medium - December 20, 2022

The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone.

authentification

The IPC module has defects introduced in the design process

CVE-2022-46314 7.5 - High - December 20, 2022

The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

The ProfileSDK has defects introduced in the design process

CVE-2022-46315 7.5 - High - December 20, 2022

The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

A thread security vulnerability exists in the authentication process

CVE-2022-46316 9.8 - Critical - December 20, 2022

A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

authentification

The power consumption module has an out-of-bounds read vulnerability

CVE-2022-46317 7.5 - High - December 20, 2022

The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.

Out-of-bounds Read

The HAware module has a function logic error

CVE-2022-46318 5.3 - Medium - December 20, 2022

The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings.

Fingerprint calibration has a vulnerability of lacking boundary judgment

CVE-2022-46319 9.8 - Critical - December 20, 2022

Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.

Memory Corruption

The kernel module has an out-of-bounds read vulnerability

CVE-2022-46320 9.8 - Critical - December 20, 2022

The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.

Out-of-bounds Read

The Wi-Fi module has a vulnerability in permission verification

CVE-2022-46321 7.5 - High - December 20, 2022

The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality.

Some smartphones have the out-of-bounds write vulnerability

CVE-2022-46322 7.5 - High - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

CVE-2022-46323 9.8 - Critical - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have the out-of-bounds write vulnerability

CVE-2022-46324 9.8 - Critical - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

CVE-2022-46325 9.8 - Critical - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have the out-of-bounds write vulnerability

CVE-2022-46326 9.8 - Critical - December 20, 2022

Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

Memory Corruption

Some smartphones have configuration issues

CVE-2022-46327 9.8 - Critical - December 20, 2022

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.

Some smartphones have the input validation vulnerability

CVE-2022-46328 7.5 - High - December 20, 2022

Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Improper Input Validation

The preset launcher module has a permission verification vulnerability

CVE-2022-44561 7.5 - High - November 09, 2022

The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.

Incorrect Default Permissions

The launcher module has an Intent redirection vulnerability

CVE-2022-44560 5.3 - Medium - November 09, 2022

The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.

The iaware module has a vulnerability in thread security

CVE-2022-44551 9.8 - Critical - November 09, 2022

The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

The lock screen module has defects introduced in the design process

CVE-2022-44552 7.5 - High - November 09, 2022

The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider

CVE-2022-44553 5.3 - Medium - November 09, 2022

The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.

The power module has a vulnerability in permission verification

CVE-2022-44554 7.5 - High - November 09, 2022

The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.

The DDMP/ODMF module has a service hijacking vulnerability

CVE-2022-44555 7.5 - High - November 09, 2022

The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files

CVE-2022-44557 7.5 - High - November 09, 2022

The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.

The AMS module has a vulnerability of serialization/deserialization mismatch

CVE-2022-44558 9.8 - Critical - November 09, 2022

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Marshaling, Unmarshaling

The AMS module has a vulnerability of serialization/deserialization mismatch

CVE-2022-44559 9.8 - Critical - November 09, 2022

The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Marshaling, Unmarshaling

The DRM module has a vulnerability in verifying the secure memory attributes

CVE-2021-46851 9.8 - Critical - November 09, 2022

The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.

The memory management module has the logic bypass vulnerability

CVE-2021-46852 7.5 - High - November 09, 2022

The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Missing Authentication for Critical Function

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released

CVE-2022-44546 7.5 - High - November 09, 2022

The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.

The Display Service module has a UAF vulnerability

CVE-2022-44547 7.5 - High - November 09, 2022

The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.

Dangling pointer

There is a vulnerability in permission verification during the Bluetooth pairing process

CVE-2022-44548 4.3 - Medium - November 09, 2022

There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.

Incorrect Default Permissions

The LBS module has a vulnerability in geofencing API access

CVE-2022-44549 7.5 - High - November 09, 2022

The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.

Exposure of Resource to Wrong Sphere

The graphics display module has a UAF vulnerability when traversing graphic layers

CVE-2022-44550 7.5 - High - November 09, 2022

The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.

The system framework layer has a vulnerability of serialization/deserialization mismatch

CVE-2022-44562 9.8 - Critical - November 09, 2022

The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Improper Privilege Management

There is a race condition vulnerability in SD upgrade mode

CVE-2022-44563 5.9 - Medium - November 09, 2022

There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.

Race Condition

Missing parameter type validation in the DRM module

CVE-2022-44556 7.5 - High - November 08, 2022

Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.

Improper Input Validation

The phones have the heap overflow

CVE-2022-41594 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41603 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41602 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41601 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41600 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41598 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41597 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41595 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Memory Corruption

The phones have the heap overflow

CVE-2022-41593 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The phones have the heap overflow

CVE-2022-41592 3.4 - Low - October 14, 2022

The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

Out-of-bounds Read

The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel

CVE-2022-41577 7.1 - High - October 14, 2022

The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability.

Out-of-bounds Read

The rphone module has a script

CVE-2022-41576 7.8 - High - October 14, 2022

The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2022-41580 9.8 - Critical - October 14, 2022

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Out-of-bounds Read

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

CVE-2022-41578 9.8 - Critical - October 14, 2022

The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

Memory Corruption

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

CVE-2022-38983 9.8 - Critical - October 14, 2022

The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

Dangling pointer

The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage.

CVE-2022-38981 7.5 - High - October 14, 2022

The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage.

Out-of-bounds Read

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read

CVE-2022-38998 7.5 - High - October 14, 2022

The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Out-of-bounds Read

The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering

CVE-2022-38986 9.1 - Critical - October 14, 2022

The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38985 7.5 - High - October 14, 2022

The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.

Improper Input Validation

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read

CVE-2022-38984 7.5 - High - October 14, 2022

The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

Out-of-bounds Read

The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2021-46839 9.1 - Critical - October 14, 2022

The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Out-of-bounds Read

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may

CVE-2022-38980 9.8 - Critical - October 14, 2022

The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.

Memory Corruption

The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.

CVE-2022-38982 9.8 - Critical - October 14, 2022

The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.

The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes

CVE-2022-38977 7.5 - High - October 14, 2022

The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data.

Memory Corruption

The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2021-46840 9.1 - Critical - October 14, 2022

The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Out-of-bounds Read

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

CVE-2022-39011 7.5 - High - October 14, 2022

The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data

CVE-2022-41581 9.1 - Critical - October 14, 2022

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.

CVE-2022-41582 7.5 - High - October 14, 2022

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

CVE-2022-41584 7.8 - High - October 14, 2022

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

Out-of-bounds Read

The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.

CVE-2022-41583 7.5 - High - October 14, 2022

The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.

Out-of-bounds Read

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.

CVE-2022-41589 7.5 - High - October 14, 2022

The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.

CVE-2022-41588 7.5 - High - October 14, 2022

The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

CVE-2022-41585 7.8 - High - October 14, 2022

The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.

Out-of-bounds Read