Huawei Emui vulnerabilities

CVE-2023-3455 [CRITICAL] CWE-200 CVE-2023-3455: Key management vulnerability on system. Successful exploitation of this vulnerability may affect ser Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2021-46891 [CRITICAL] CWE-200 CVE-2021-46891: Vulnerability of incomplete read and write permission verification in the GPU module. Successful exp Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46890 [CRITICAL] CWE-863 CVE-2021-46890: Vulnerability of incomplete read and write permission verification in the GPU module. Successful exp Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46893 [HIGH] CWE-1284 CVE-2021-46893: Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vul Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.

CVE-2023-34159 [CRITICAL] CVE-2023-34159: Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerab Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.

CVE-2022-48494 [HIGH] CWE-287 CVE-2022-48494: Vulnerability of lax app identity verification in the pre-authorization function.Successful exploita Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2022-48500 [HIGH] CWE-404 CVE-2022-48500: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-34163 [HIGH] CVE-2023-34163: Permission control vulnerability in the window management module.Successful exploitation of this vul Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2022-48486 [HIGH] CWE-787 CVE-2022-48486: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48499 [HIGH] CWE-404 CVE-2022-48499: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48492 [HIGH] CWE-1188 CVE-2022-48492: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48493 [HIGH] CWE-1188 CVE-2022-48493: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48496 [HIGH] CWE-287 CVE-2022-48496: Vulnerability of lax app identity verification in the pre-authorization function.Successful exploita Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2022-48498 [HIGH] CWE-770 CVE-2022-48498: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-34166 [HIGH] CWE-400 CVE-2023-34166: Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitati Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.

CVE-2022-48489 [HIGH] CWE-404 CVE-2022-48489: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48501 [HIGH] CWE-120 CVE-2022-48501: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-34155 [HIGH] CVE-2023-34155: Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this v Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability.

CVE-2022-48487 [HIGH] CVE-2022-48487: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-34162 [HIGH] CVE-2023-34162: Version update determination vulnerability in the user profile module.Successful exploitation of thi Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.