Huawei Emui vulnerabilities

CVE-2022-41603 [LOW] CWE-125 CVE-2022-41603: The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the finge The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.

CVE-2022-39007 [CRITICAL] CWE-269 CVE-2022-39007: The location module has a vulnerability of bypassing permission verification.Successful exploitation The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-39008 [CRITICAL] CWE-502 CVE-2022-39008: The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.

CVE-2022-39002 [CRITICAL] CWE-415 CVE-2022-39002: Double free vulnerability in the storage module. Successful exploitation of this vulnerability will Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.

CVE-2022-39003 [CRITICAL] CWE-120 CVE-2022-39003: Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.

CVE-2021-40019 [CRITICAL] CWE-125 CVE-2021-40019: Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vu Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2022-38999 [CRITICAL] CVE-2022-38999: The AOD module has the improper update of reference count vulnerability. Successful exploitation of The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

CVE-2022-39009 [CRITICAL] CWE-287 CVE-2022-39009: The WLAN module has a vulnerability in permission verification. Successful exploitation of this vuln The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.

CVE-2021-40017 [CRITICAL] CWE-20 CVE-2021-40017: The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2022-39000 [CRITICAL] CVE-2022-39000: The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vul The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

CVE-2022-39005 [HIGH] CWE-401 CVE-2022-39005: The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability ca The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

CVE-2022-39010 [HIGH] CVE-2022-39010: The HwChrService module has a vulnerability in permission control. Successful exploitation of this v The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.

CVE-2022-38979 [HIGH] CVE-2022-38979: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-39001 [HIGH] CWE-22 CVE-2022-39001: The number identification module has a path traversal vulnerability. Successful exploitation of this The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.

CVE-2021-46836 [HIGH] CVE-2021-46836: Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successfu Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38988 [HIGH] CVE-2022-38988: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38987 [HIGH] CVE-2022-38987: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-38997 [HIGH] CVE-2022-38997: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38993 [HIGH] CVE-2022-38993: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-38989 [HIGH] CVE-2022-38989: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.