Huawei Emui vulnerabilities

CVE-2023-41302 [HIGH] CWE-22 CVE-2023-41302: Redirection permission verification vulnerability in the home screen module. Successful exploitation Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-41303 [HIGH] CWE-20 CVE-2023-41303: Command injection vulnerability in the distributed file system module. Successful exploitation of th Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.

CVE-2023-41299 [HIGH] CWE-120 CVE-2023-41299: DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the sys DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-41300 [HIGH] CWE-20 CVE-2023-41300: Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation o Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-41293 [HIGH] CWE-227 CVE-2023-41293: Data security classification vulnerability in the DDMP module. Successful exploitation of this vulne Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41298 [HIGH] CVE-2023-41298: Vulnerability of permission control in the window module. Successful exploitation of this vulnerabil Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41295 [MEDIUM] CWE-732 CVE-2023-41295: Vulnerability of improper permission management in the displayengine module. Successful exploitation Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim.

CVE-2023-39398 [CRITICAL] CWE-275 CVE-2023-39398: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39405 [CRITICAL] CWE-20 CVE-2023-39405: Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.

CVE-2023-39399 [CRITICAL] CWE-275 CVE-2023-39399: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39403 [CRITICAL] CWE-358 CVE-2023-39403: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39385 [CRITICAL] CWE-16 CVE-2023-39385: Vulnerability of configuration defects in the media module of certain products.. Successful exploita Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.

CVE-2023-39402 [CRITICAL] CWE-22 CVE-2023-39402: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2021-46895 [CRITICAL] CWE-701 CVE-2021-46895: Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successfu Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.

CVE-2023-39400 [CRITICAL] CWE-22 CVE-2023-39400: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39401 [CRITICAL] CWE-22 CVE-2023-39401: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnera Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39397 [HIGH] CWE-476 CVE-2023-39397: Input parameter verification vulnerability in the communication system. Successful exploitation of t Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability.

CVE-2023-39390 [HIGH] CWE-20 CVE-2023-39390: Vulnerability of input parameter verification in certain APIs in the window management module. Succe Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-39395 [HIGH] CWE-19 CVE-2023-39395: Mismatch vulnerability in the serialization process in the communication system. Successful exploita Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability.

CVE-2023-39393 [HIGH] CWE-200 CVE-2023-39393: Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.