Huawei Emui vulnerabilities

CVE-2022-48358 [HIGH] CWE-601 CVE-2022-48358: The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerabi The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions.

CVE-2022-48347 [HIGH] CWE-200 CVE-2022-48347: The MediaProvider module has a vulnerability in permission verification. Successful exploitation of The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48351 [HIGH] CWE-400 CVE-2022-48351: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.

CVE-2022-48350 [HIGH] CWE-862 CVE-2022-48350: The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48359 [HIGH] CWE-915 CVE-2022-48359: The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successfu The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48352 [HIGH] CWE-665 CVE-2022-48352: Some smartphones have data initialization issues. Successful exploitation of this vulnerability may Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic.

CVE-2022-48355 [MEDIUM] CWE-787 CVE-2022-48355: The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vu The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.

CVE-2022-48361 [MEDIUM] CWE-22 CVE-2022-48361: The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitati The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources.

CVE-2022-48354 [MEDIUM] CWE-787 CVE-2022-48354: The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this v The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.

CVE-2022-48291 [MEDIUM] CWE-306 CVE-2022-48291: The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful e The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48287 [HIGH] CWE-693 CVE-2022-48287: The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerabilit The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.

CVE-2022-48302 [HIGH] CWE-862 CVE-2022-48302: The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitatio The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48286 [HIGH] CWE-269 CVE-2022-48286: The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitat The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48295 [HIGH] CWE-281 CVE-2022-48295: The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulner The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).

CVE-2022-48294 [HIGH] CWE-287 CVE-2022-48294: The IHwAttestationService interface has a defect in authentication. Successful exploitation of this The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48288 [HIGH] CWE-306 CVE-2022-48288: The bundle management module lacks authentication and control mechanisms in some APIs. Successful ex The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48298 [HIGH] CWE-1284 CVE-2022-48298: The geofencing kernel code does not verify the length of the input data. Successful exploitation of The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-48289 [HIGH] CWE-306 CVE-2022-48289: The bundle management module lacks authentication and control mechanisms in some APIs. Successful ex The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48300 [HIGH] CWE-306 CVE-2022-48300: The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vuln The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48299 [HIGH] CWE-306 CVE-2022-48299: The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vuln The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.