Huawei Emui vulnerabilities

CVE-2023-46756 [MEDIUM] CWE-269 CVE-2023-46756: Permission control vulnerability in the window management module. Successful exploitation of this vu Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

CVE-2023-46755 [MEDIUM] CWE-284 CVE-2023-46755: Vulnerability of input parameters being not strictly verified in the input. Successful exploitation Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.

CVE-2023-46763 [MEDIUM] CWE-20 CVE-2023-46763: Vulnerability of background app permission management in the framework module. Successful exploitati Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.

CVE-2023-46764 [MEDIUM] CWE-15 CVE-2023-46764: Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.

CVE-2023-44105 [CRITICAL] CWE-269 CVE-2023-44105: Vulnerability of permissions not being strictly verified in the window management module.Successful Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44106 [CRITICAL] CWE-269 CVE-2023-44106: API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vu API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44118 [CRITICAL] CWE-284 CVE-2023-44118: Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnera Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-44116 [CRITICAL] CWE-306 CVE-2023-44116: Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful e Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVE-2023-44111 [HIGH] CWE-307 CVE-2023-44111: Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44093 [HIGH] CWE-200 CVE-2023-44093: Vulnerability of package names' public keys not being verified in the security module.Successful exp Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44114 [HIGH] CWE-125 CVE-2023-44114: Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerabilit Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44109 [HIGH] CWE-74 CVE-2023-44109: Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect s Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44095 [HIGH] CWE-416 CVE-2023-44095: Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vuln Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.

CVE-2023-44096 [HIGH] CWE-287 CVE-2023-44096: Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44119 [HIGH] CWE-667 CVE-2023-44119: Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vu Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-44103 [HIGH] CWE-20 CVE-2023-44103: Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerabili Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44097 [HIGH] CWE-200 CVE-2023-44097: Vulnerability of the permission to access device SNs being improperly managed.Successful exploitatio Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44108 [HIGH] CWE-843 CVE-2023-44108: Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerab Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44104 [HIGH] CWE-669 CVE-2023-44104: Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this v Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44100 [HIGH] CWE-669 CVE-2023-44100: Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this v Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.