Huawei Emui vulnerabilities

CVE-2022-48297 [HIGH] CWE-1284 CVE-2022-48297: The geofencing kernel code has a vulnerability of not verifying the length of the input data. Succes The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-48301 [HIGH] CWE-281 CVE-2022-48301: The bundle management module lacks permission verification in some APIs. Successful exploitation of The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.

CVE-2022-48292 [MEDIUM] CWE-125 CVE-2022-48292: The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulne The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48296 [MEDIUM] CWE-281 CVE-2022-48296: The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerabi The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.

CVE-2022-48293 [MEDIUM] CWE-125 CVE-2022-48293: The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may aff The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-46868 [HIGH] CWE-125 CVE-2021-46868: The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerabil The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2022-46762 [HIGH] CWE-693 CVE-2022-46762: The memory management module has a logic bypass vulnerability.Successful exploitation of this vulner The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-47975 [HIGH] CWE-415 CVE-2022-47975: The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.

CVE-2021-46867 [HIGH] CWE-125 CVE-2021-46867: The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerabil The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2022-46761 [HIGH] CWE-276 CVE-2022-46761: The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful e The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.

CVE-2022-47976 [HIGH] CWE-287 CVE-2022-47976: The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control con The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.

CVE-2022-47974 [MEDIUM] CWE-287 CVE-2022-47974: The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.

CVE-2022-46320 [CRITICAL] CWE-125 CVE-2022-46320: The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerabi The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.

CVE-2022-46323 [CRITICAL] CWE-787 CVE-2022-46323: Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerab Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

CVE-2022-46326 [CRITICAL] CWE-787 CVE-2022-46326: Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnera Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

CVE-2022-46327 [CRITICAL] CWE-269 CVE-2022-46327: Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.

CVE-2022-46324 [CRITICAL] CWE-787 CVE-2022-46324: Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnera Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.

CVE-2022-46325 [CRITICAL] CWE-787 CVE-2022-46325: Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerab Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.

CVE-2022-46319 [CRITICAL] CWE-787 CVE-2022-46319: Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.

CVE-2022-46315 [HIGH] CWE-400 CVE-2022-46315: The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnera The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.