Huawei Emui vulnerabilities

CVE-2025-58311 [HIGH] CWE-416 CVE-2025-58311: UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability wi UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2025-58302 [MEDIUM] CWE-264 CVE-2025-58302: Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vul Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-58276 [MEDIUM] CWE-264 CVE-2025-58276: Permission verification vulnerability in the home screen module Impact: Successful exploitation of t Permission verification vulnerability in the home screen module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-54628 [HIGH] CWE-118 CVE-2025-54628: Vulnerability of incomplete verification information in the communication module. Impact: Successful Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-54642 [MEDIUM] CWE-20 CVE-2025-54642: Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Im Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-54636 [MEDIUM] CWE-20 CVE-2025-54636: Issue of buffer overflow caused by insufficient data verification in the kernel drop detection modul Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-54646 [MEDIUM] CWE-130 CVE-2025-54646: Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation o Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation of this vulnerability may affect performance.

CVE-2025-54611 [MEDIUM] CWE-840 CVE-2025-54611: EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-54629 [MEDIUM] CWE-362 CVE-2025-54629: Race condition issue occurring in the physical page import process of the memory management module. Race condition issue occurring in the physical page import process of the memory management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2025-54632 [MEDIUM] CWE-120 CVE-2025-54632: Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploit Vulnerability of insufficient data length verification in the HVB module. Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2025-54641 [MEDIUM] CWE-20 CVE-2025-54641: Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-54631 [MEDIUM] CWE-190 CVE-2025-54631: Vulnerability of insufficient data length verification in the partition module. Impact: Successful e Vulnerability of insufficient data length verification in the partition module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-54644 [MEDIUM] CWE-125 CVE-2025-54644: Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light m Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-54637 [MEDIUM] CWE-125 CVE-2025-54637: Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light m Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-54643 [MEDIUM] CWE-125 CVE-2025-54643: Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light m Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2025-53186 [MEDIUM] CWE-264 CVE-2025-53186: Vulnerability that allows third-party call apps to send broadcasts without verification in the audio Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-53178 [MEDIUM] CWE-264 CVE-2025-53178: Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of th Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.

CVE-2025-53185 [MEDIUM] CWE-416 CVE-2025-53185: Virtual address reuse issue in the memory management module, which can be exploited by non-privilege Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2025-53177 [LOW] CWE-264 CVE-2025-53177: Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of th Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches.

CVE-2025-48902 [MEDIUM] CWE-118 CVE-2025-48902: Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.