Huawei Emui vulnerabilities

CVE-2022-48497 [HIGH] CWE-120 CVE-2022-48497: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-34161 [HIGH] CWE-863 CVE-2023-34161: nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of t nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2022-48490 [HIGH] CWE-120 CVE-2022-48490: Configuration defects in the secure OS module.Successful exploitation of this vulnerability will aff Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-34160 [MEDIUM] CWE-290 CVE-2023-34160: Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

CVE-2022-48488 [MEDIUM] CWE-863 CVE-2022-48488: Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vul Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.

CVE-2023-34156 [MEDIUM] CWE-384 CVE-2023-34156: Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploita Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.

CVE-2023-34158 [MEDIUM] CWE-290 CVE-2023-34158: Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

CVE-2022-48491 [MEDIUM] CWE-862 CVE-2022-48491: Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vul Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.

CVE-2023-34167 [MEDIUM] CWE-290 CVE-2023-34167: Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

CVE-2022-48495 [MEDIUM] CWE-863 CVE-2022-48495: Vulnerability of unauthorized access to foreground app information.Successful exploitation of this v Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained.

CVE-2021-46887 [CRITICAL] CVE-2021-46887: Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulne Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-46881 [HIGH] CWE-120 CVE-2021-46881: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2022-48480 [HIGH] CWE-190 CVE-2022-48480: Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may aff Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-0116 [HIGH] CWE-306 CVE-2023-0116: The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitati The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46884 [HIGH] CWE-120 CVE-2021-46884: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46883 [HIGH] CWE-120 CVE-2021-46883: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46882 [HIGH] CWE-120 CVE-2021-46882: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2023-31226 [HIGH] CWE-863 CVE-2023-31226: The SDK for the MediaPlaybackController module has improper permission verification. Successful expl The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-31227 [HIGH] CWE-306 CVE-2023-31227: The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of th The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.

CVE-2021-46885 [HIGH] CWE-120 CVE-2021-46885: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.