Huawei Emui vulnerabilities

CVE-2023-37245 [CRITICAL] CWE-120 CVE-2023-37245: Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerabi Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem.

CVE-2022-48513 [CRITICAL] CWE-290 CVE-2022-48513: Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2022-48512 [CRITICAL] CWE-122 CVE-2022-48512: Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this v Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

CVE-2023-34164 [HIGH] CWE-476 CVE-2023-34164: Vulnerability of incomplete input parameter verification in the communication framework module. Succ Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.

CVE-2022-48507 [HIGH] CWE-294 CVE-2022-48507: Vulnerability of identity verification being bypassed in the storage module. Successful exploitation Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-1695 [HIGH] CWE-755 CVE-2023-1695: Vulnerability of failures to capture exceptions in the communication framework. Successful exploitat Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2022-48516 [HIGH] CWE-200 CVE-2022-48516: Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Succe Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-48508 [HIGH] CWE-264 CVE-2022-48508: Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulne Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.

CVE-2023-37239 [HIGH] CWE-200 CVE-2023-37239: Format string vulnerability in the distributed file system. Attackers who bypass the selinux permis Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program.

CVE-2023-1691 [HIGH] CWE-248 CVE-2023-1691: Vulnerability of failures to capture exceptions in the communication framework. Successful exploitat Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2022-48520 [HIGH] CWE-200 CVE-2022-48520: Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerabil Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48515 [HIGH] CWE-269 CVE-2022-48515: Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnera Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48519 [HIGH] CWE-200 CVE-2022-48519: Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerabil Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-46892 [HIGH] CWE-701 CVE-2021-46892: Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability m Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-37241 [HIGH] CWE-20 CVE-2023-37241: Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may c Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.

CVE-2022-48517 [HIGH] CWE-701 CVE-2022-48517: Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vu Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.

CVE-2023-3456 [MEDIUM] CWE-20 CVE-2023-3456: Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48518 [MEDIUM] CWE-701 CVE-2022-48518: Vulnerability of signature verification in the iaware system being initialized later than the time w Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

CVE-2023-37238 [MEDIUM] CWE-275 CVE-2023-37238: Vulnerability of apps' permission to access a certain API being incompletely verified in the wireles Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features.

CVE-2022-48509 [MEDIUM] CWE-476 CVE-2022-48509: Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Sh Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.