Huawei Emui vulnerabilities

CVE-2022-44561 [HIGH] CWE-276 CVE-2022-44561: The preset launcher module has a permission verification vulnerability. Successful exploitation of t The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.

CVE-2022-44557 [HIGH] CWE-276 CVE-2022-44557: The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-46852 [HIGH] CWE-306 CVE-2021-46852: The memory management module has the logic bypass vulnerability. Successful exploitation of this vul The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-44549 [HIGH] CWE-862 CVE-2022-44549: The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnera The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.

CVE-2022-44555 [HIGH] CWE-294 CVE-2022-44555: The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.

CVE-2022-44548 [MEDIUM] CWE-276 CVE-2022-44548: There is a vulnerability in permission verification during the Bluetooth pairing process. Successful There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.

CVE-2022-44560 [MEDIUM] CWE-601 CVE-2022-44560: The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnera The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.

CVE-2022-44553 [MEDIUM] CWE-20 CVE-2022-44553: The HiView module has a vulnerability of not filtering third-party apps out when the HiView module t The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.

CVE-2022-44563 [MEDIUM] CWE-362 CVE-2022-44563: There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerab There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-44556 [HIGH] CWE-20 CVE-2022-44556: Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability m Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46839 [CRITICAL] CWE-125 CVE-2021-46839: The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitatio The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

CVE-2022-41580 [CRITICAL] CWE-125 CVE-2022-41580: The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation o The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

CVE-2022-41581 [CRITICAL] CWE-125 CVE-2022-41581: The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation o The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

CVE-2022-38983 [CRITICAL] CWE-416 CVE-2022-38983: The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vu The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

CVE-2022-38986 [CRITICAL] CWE-787 CVE-2022-38986: The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel spa The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.

CVE-2022-41578 [CRITICAL] CWE-787 CVE-2022-41578: The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerabil The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

CVE-2021-46840 [CRITICAL] CWE-125 CVE-2021-46840: The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Succ The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

CVE-2022-41586 [HIGH] CWE-130 CVE-2022-41586: The communication framework module has a vulnerability of not truncating data properly.Successful ex The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38984 [HIGH] CWE-125 CVE-2022-38984: The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Succes The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.

CVE-2022-41588 [HIGH] CWE-1264 CVE-2022-41588: The home screen module has a vulnerability in service logic processing.Successful exploitation of th The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.