Magic Ui Huawei Magic Ui

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Huawei Magic Ui.

By the Year

In 2025 there have been 0 vulnerabilities in Huawei Magic Ui. Magic Ui did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 0 0.00
2022 132 7.66
2021 139 7.61
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Magic Ui vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Huawei Magic Ui Security Vulnerabilities

The number identification module has a path traversal vulnerability

CVE-2022-39001 7.5 - High - September 16, 2022

The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.

Directory traversal

Double free vulnerability in the storage module

CVE-2022-39002 9.8 - Critical - September 16, 2022

Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.

Double-free

Buffer overflow vulnerability in the video framework

CVE-2022-39003 9.1 - Critical - September 16, 2022

Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.

Classic Buffer Overflow

The MPTCP module has the memory leak vulnerability

CVE-2022-39004 7.5 - High - September 16, 2022

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

Memory Leak

The MPTCP module has the memory leak vulnerability

CVE-2022-39005 7.5 - High - September 16, 2022

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

Memory Leak

The MPTCP module has the race condition vulnerability

CVE-2022-39006 5.9 - Medium - September 16, 2022

The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.

Race Condition

Out-of-bounds write vulnerability in the power consumption module

CVE-2020-36600 7.5 - High - September 16, 2022

Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.

Memory Corruption

Out-of-bounds write vulnerability in the kernel modules

CVE-2020-36601 7.5 - High - September 16, 2022

Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot.

Memory Corruption

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

CVE-2022-39000 9.8 - Critical - September 16, 2022

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

Out-of-bounds heap read vulnerability in the HW_KEYMASTER module

CVE-2021-40019 9.1 - Critical - September 16, 2022

Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.

Out-of-bounds Read

The secure OS module has configuration defects

CVE-2022-38978 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38979 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38987 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38988 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38989 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38990 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38991 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38992 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The secure OS module has configuration defects

CVE-2022-38993 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

The secure OS module has configuration defects

CVE-2022-38997 7.5 - High - September 16, 2022

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The SystemUI module has a privilege escalation vulnerability

CVE-2022-37002 9.8 - Critical - August 10, 2022

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.

The AOD module has a vulnerability in permission assignment

CVE-2022-37003 9.8 - Critical - August 10, 2022

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.

Incorrect Default Permissions

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE)

CVE-2022-37004 7.5 - High - August 10, 2022

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability.

The Settings application has an argument injection vulnerability

CVE-2022-37005 7.5 - High - August 10, 2022

The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Argument Injection

The chinadrm module has an out-of-bounds read vulnerability

CVE-2022-37007 7.5 - High - August 10, 2022

The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability.

Out-of-bounds Read

The recovery module has a vulnerability of bypassing the verification of an update package before use

CVE-2022-37008 7.5 - High - August 10, 2022

The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability.

Insufficient Verification of Data Authenticity

The My HUAWEI app has a defect in the design

CVE-2021-40030 7.5 - High - August 10, 2022

The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality.

The video framework has the memory overwriting vulnerability caused by addition overflow

CVE-2021-40034 7.5 - High - August 10, 2022

The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability.

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module

CVE-2021-40040 7.5 - High - August 10, 2022

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.

Vulnerability of pointers being incorrectly used during data transmission in the video framework

CVE-2021-40012 7.5 - High - July 12, 2022

Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality.

The basic framework and setting module have defects, which were introduced during the design

CVE-2021-46741 7.5 - High - July 12, 2022

The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.

The NFC module has a buffer overflow vulnerability

CVE-2022-34740 6.5 - Medium - July 12, 2022

The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.

Classic Buffer Overflow

The NFC module has a buffer overflow vulnerability

CVE-2022-34741 6.5 - Medium - July 12, 2022

The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.

Classic Buffer Overflow

The application security module has a vulnerability in permission assignment

CVE-2022-34737 9.1 - Critical - July 12, 2022

The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

Incorrect Default Permissions

The SystemUI module has a vulnerability in permission control

CVE-2022-34738 7.5 - High - July 12, 2022

The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background.

The fingerprint module has a vulnerability of overflow in arithmetic addition

CVE-2022-34739 7.5 - High - July 12, 2022

The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.

The system module has a read/write vulnerability

CVE-2022-34742 7.5 - High - July 12, 2022

The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Out-of-bounds Read

The AT commands of the USB port have an out-of-bounds read vulnerability

CVE-2022-34743 7.5 - High - July 12, 2022

The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.

Out-of-bounds Read

Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity.

CVE-2021-40013 6.5 - Medium - July 12, 2022

Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity.

Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40016 6.5 - Medium - July 12, 2022

Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality.

Configuration defects in the secure OS module

CVE-2022-31761 7.5 - High - June 13, 2022

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

Logical defects in code implementation in some products

CVE-2022-31754 7.5 - High - June 13, 2022

Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features.

Missing authorization vulnerability in the system components

CVE-2022-31752 5.5 - Medium - June 13, 2022

Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.

AuthZ

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services

CVE-2022-31760 9.1 - Critical - June 13, 2022

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

The setting module has a vulnerability of improper use of APIs

CVE-2022-31757 7.5 - High - June 13, 2022

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

The voice wakeup module has a vulnerability of using externally-controlled format strings

CVE-2022-31753 7.5 - High - June 13, 2022

The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.

Use of Externally-Controlled Format String

HwSEServiceAPP has a vulnerability in permission management

CVE-2021-46811 5.3 - Medium - June 13, 2022

HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.

Incorrect Default Permissions

Vulnerability of residual files not being deleted after an update in the ChinaDRM module

CVE-2021-46813 7.5 - High - June 13, 2022

Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.

Improper Removal of Sensitive Information Before Storage or Transfer

The fingerprint sensor module has design defects

CVE-2022-31756 5.5 - Medium - June 13, 2022

The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.

The communication module has a vulnerability of improper permission preservation

CVE-2022-31755 5.5 - Medium - June 13, 2022

The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.

Improper Preservation of Permissions

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Huawei Harmonyos or by Huawei? Click the Watch button to subscribe.

Huawei
Vendor

subscribe