Huawei Emui vulnerabilities

CVE-2023-39389 [HIGH] CWE-120 CVE-2023-39389: Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploita Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.

CVE-2023-39383 [HIGH] CWE-200 CVE-2023-39383: Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploita Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.

CVE-2023-39388 [HIGH] CWE-120 CVE-2023-39388: Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploita Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.

CVE-2023-39396 [HIGH] CWE-125 CVE-2023-39396: Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability.

CVE-2023-39381 [HIGH] CWE-20 CVE-2023-39381: Input verification vulnerability in the storage module. Successful exploitation of this vulnerabili Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-39391 [HIGH] CWE-264 CVE-2023-39391: Vulnerability of system file information leakage in the USB Service module. Successful exploitation Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-39382 [HIGH] CWE-20 CVE-2023-39382: Input verification vulnerability in the audio module. Successful exploitation of this vulnerability Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.

CVE-2023-39406 [HIGH] CWE-264 CVE-2023-39406: Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerabi Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart.

CVE-2023-39386 [HIGH] CWE-120 CVE-2023-39386: Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploita Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.

CVE-2023-39404 [HIGH] CWE-20 CVE-2023-39404: Vulnerability of input parameter verification in certain APIs in the window management module. Succe Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-39394 [HIGH] CWE-264 CVE-2023-39394: Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified.

CVE-2023-39392 [HIGH] CWE-16 CVE-2023-39392: Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnera Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.

CVE-2023-39380 [HIGH] CWE-264 CVE-2023-39380: Permission control vulnerability in the audio module. Successful exploitation of this vulnerability Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.

CVE-2023-39384 [HIGH] CWE-264 CVE-2023-39384: Vulnerability of incomplete permission verification in the input method module. Successful exploitat Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-39387 [MEDIUM] CWE-264 CVE-2023-39387: Vulnerability of permission control in the window management module. Successful exploitation of this Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

CVE-2022-48510 [CRITICAL] CWE-200 CVE-2022-48510: Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability wi Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.

CVE-2022-48511 [CRITICAL] CWE-843 CVE-2022-48511: Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successf Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.

CVE-2023-37240 [CRITICAL] CWE-125 CVE-2023-37240: Vulnerability of missing input length verification in the distributed file system. Successful expl Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2023-37242 [CRITICAL] CWE-639 CVE-2023-37242: Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.

CVE-2021-46894 [CRITICAL] CWE-269 CVE-2021-46894: Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerabilit Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.