Huawei Emui vulnerabilities

CVE-2022-38990 [HIGH] CVE-2022-38990: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2021-40023 [HIGH] CVE-2021-40023: Configuration defects in the secure OS module. Successful exploitation of this vulnerability will af Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38995 [HIGH] CVE-2022-38995: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-38994 [HIGH] CVE-2022-38994: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2020-36601 [HIGH] CWE-787 CVE-2020-36601: Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerabili Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot.

CVE-2022-39004 [HIGH] CWE-401 CVE-2022-39004: The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability ca The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

CVE-2022-38992 [HIGH] CVE-2022-38992: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38991 [HIGH] CVE-2022-38991: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38978 [HIGH] CVE-2022-38978: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40024 [HIGH] CVE-2021-40024: Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successfu Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2020-36600 [HIGH] CWE-787 CVE-2020-36600: Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this v Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2022-38996 [HIGH] CVE-2022-38996: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-39006 [MEDIUM] CWE-362 CVE-2022-39006: The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.

CVE-2022-37002 [CRITICAL] CWE-269 CVE-2022-37002: The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulner The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.

CVE-2022-37003 [CRITICAL] CWE-276 CVE-2022-37003: The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnera The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.

CVE-2022-37004 [HIGH] CVE-2022-37004: The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successf The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability.

CVE-2022-37007 [HIGH] CWE-125 CVE-2022-37007: The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnera The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability.

CVE-2021-40040 [HIGH] CVE-2021-40040: Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploit Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-37006 [HIGH] CWE-276 CVE-2022-37006: Permission control vulnerability in the network module. Successful exploitation of this vulnerabilit Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability.

CVE-2022-37008 [HIGH] CWE-345 CVE-2022-37008: The recovery module has a vulnerability of bypassing the verification of an update package before us The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability.