Huawei Emui vulnerabilities

CVE-2021-46886 [HIGH] CWE-120 CVE-2021-46886: The video framework has memory overwriting caused by addition overflow. Successful exploitation of t The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2023-0117 [MEDIUM] CWE-287 CVE-2023-0117: The online authentication provided by the hwKitAssistant lacks strict identity verification of appli The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.

CVE-2023-31225 [LOW] CWE-362 CVE-2023-31225: The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.

CVE-2023-1696 [HIGH] CWE-203 CVE-2023-1696: The multimedia video module has a vulnerability in data processing.Successful exploitation of this v The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.

CVE-2023-1692 [HIGH] CWE-732 CVE-2023-1692: The window management module lacks permission verification.Successful exploitation of this vulnerabi The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-1694 [HIGH] CWE-269 CVE-2023-1694: The Settings module has the file privilege escalation vulnerability.Successful exploitation of this The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-1693 [HIGH] CWE-269 CVE-2023-1693: The Settings module has the file privilege escalation vulnerability.Successful exploitation of this The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48312 [CRITICAL] CWE-125 CVE-2022-48312: The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.

CVE-2022-48313 [MEDIUM] CWE-639 CVE-2022-48313: The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48314 [MEDIUM] CWE-287 CVE-2022-48314: The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48349 [CRITICAL] CWE-290 CVE-2022-48349: The control component has a spoofing vulnerability. Successful exploitation of this vulnerability ma The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.

CVE-2022-48353 [CRITICAL] CWE-269 CVE-2022-48353: Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.

CVE-2022-48348 [CRITICAL] CWE-200 CVE-2022-48348: The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of t The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity.

CVE-2023-26548 [HIGH] CWE-502 CVE-2023-26548: The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of th The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability.

CVE-2022-48346 [HIGH] CWE-200 CVE-2022-48346: The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerabilit The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48357 [HIGH] CWE-770 CVE-2022-48357: Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.

CVE-2023-26549 [HIGH] CWE-233 CVE-2023-26549: The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successf The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-26547 [HIGH] CWE-502 CVE-2023-26547: The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exp The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-48360 [HIGH] CWE-276 CVE-2022-48360: The facial recognition module has a vulnerability in file permission control. Successful exploitatio The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48356 [HIGH] CWE-20 CVE-2022-48356: The facial recognition module has a vulnerability in input parameter verification. Successful exploi The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.