Huawei Emui vulnerabilities

CVE-2023-41304 [MEDIUM] CWE-754 CVE-2023-41304: Parameter verification vulnerability in the window module.Successful exploitation of this vulnerabil Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

CVE-2023-44102 [MEDIUM] CWE-668 CVE-2023-44102: Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this v Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

CVE-2023-44094 [MEDIUM] CWE-843 CVE-2023-44094: Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerab Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44110 [MEDIUM] CWE-20 CVE-2023-44110: Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-41308 [HIGH] CWE-532 CVE-2023-41308: Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affe Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41305 [HIGH] CWE-326 CVE-2023-41305: Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS mess Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41307 [HIGH] CWE-787 CVE-2023-41307: Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerabili Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability.

CVE-2023-41309 [HIGH] CWE-269 CVE-2023-41309: Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of t Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.

CVE-2022-48606 [HIGH] CWE-476 CVE-2022-48606: Stability-related vulnerability in the binder background management and control module. Successful e Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.

CVE-2023-41311 [MEDIUM] CWE-284 CVE-2023-41311: Permission control vulnerability in the audio module. Successful exploitation of this vulnerability Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically.

CVE-2023-41312 [MEDIUM] CWE-269 CVE-2023-41312: Permission control vulnerability in the audio module. Successful exploitation of this vulnerability Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.

CVE-2023-4565 [MEDIUM] CWE-732 CVE-2023-4565: Broadcast permission control vulnerability in the framework module. Successful exploitation of this Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

CVE-2023-41306 [LOW] CWE-362 CVE-2023-41306: Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful e Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.

CVE-2023-41310 [LOW] CWE-400 CVE-2023-41310: Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerab Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.

CVE-2023-41296 [CRITICAL] CWE-862 CVE-2023-41296: Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnera Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.

CVE-2023-41297 [CRITICAL] CVE-2023-41297: Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exp Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.

CVE-2022-48605 [CRITICAL] CWE-20 CVE-2022-48605: Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerab Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

CVE-2023-41301 [HIGH] CWE-269 CVE-2023-41301: Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerab Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-39408 [HIGH] CWE-120 CVE-2023-39408: DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the sys DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-39409 [HIGH] CWE-120 CVE-2023-39409: DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the sys DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.