Huawei Emui vulnerabilities

CVE-2022-31757 [HIGH] CVE-2022-31757: The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vuln The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31762 [HIGH] CWE-20 CVE-2022-31762: The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerabilit The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2021-46812 [HIGH] CVE-2021-46812: The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.

CVE-2021-46813 [HIGH] CWE-212 CVE-2021-46813: Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46814 [HIGH] CWE-125 CVE-2021-46814: The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31755 [MEDIUM] CWE-281 CVE-2022-31755: The communication module has a vulnerability of improper permission preservation. Successful exploit The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31756 [MEDIUM] CVE-2022-31756: The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31758 [MEDIUM] CWE-362 CVE-2022-31758: The kernel module has the race condition vulnerability. Successful exploitation of this vulnerabilit The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31751 [MEDIUM] CVE-2022-31751: The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability m The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31759 [MEDIUM] CWE-824 CVE-2022-31759: AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vul AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.

CVE-2021-46811 [MEDIUM] CWE-276 CVE-2021-46811: HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnera HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.

CVE-2022-31752 [MEDIUM] CWE-862 CVE-2022-31752: Missing authorization vulnerability in the system components. Successful exploitation of this vulner Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-31763 [MEDIUM] CWE-476 CVE-2022-31763: The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitat The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-29794 [CRITICAL] CWE-416 CVE-2022-29794: The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.

CVE-2021-46786 [CRITICAL] CWE-119 CVE-2021-46786: The audio module has a vulnerability in verifying the parameters passed by the application space.Suc The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-22260 [CRITICAL] CWE-416 CVE-2022-22260: The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.

CVE-2022-22252 [HIGH] CWE-416 CVE-2022-22252: The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect syst The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

CVE-2021-46789 [HIGH] CVE-2021-46789: Configuration defects in the secure OS module. Successful exploitation of this vulnerability can aff Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability.

CVE-2022-22261 [HIGH] CVE-2022-22261: The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Success The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29793 [HIGH] CVE-2022-29793: There is a configuration defect in the activation lock of mobile phones.Successful exploitation of t There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.