Huawei Emui vulnerabilities

CVE-2024-58127 [CRITICAL] CWE-290 CVE-2024-58127: Access control vulnerability in the security verification module Impact: Successful exploitation of Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-31170 [CRITICAL] CWE-290 CVE-2025-31170: Access control vulnerability in the security verification module Impact: Successful exploitation of Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58126 [CRITICAL] CWE-290 CVE-2024-58126: Access control vulnerability in the security verification module Impact: Successful exploitation of Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58124 [CRITICAL] CWE-290 CVE-2024-58124: Access control vulnerability in the security verification module Impact: Successful exploitation of Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-58125 [CRITICAL] CWE-290 CVE-2024-58125: Access control vulnerability in the security verification module Impact: Successful exploitation of Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2025-31175 [HIGH] CWE-502 CVE-2025-31175: Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of thi Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2024-58044 [MEDIUM] CWE-20 CVE-2024-58044: Permission verification bypass vulnerability in the notification module Impact: Successful exploitat Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-58043 [MEDIUM] CWE-840 CVE-2024-58043: Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnera Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-57961 [CRITICAL] CWE-787 CVE-2024-57961: Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulner Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-57959 [CRITICAL] CWE-416 CVE-2024-57959: Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vul Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-57958 [CRITICAL] CWE-125 CVE-2024-57958: Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vu Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-57960 [HIGH] CWE-20 CVE-2024-57960: Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitati Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52953 [CRITICAL] CWE-22 CVE-2023-52953: Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vuln Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2024-56442 [HIGH] CWE-227 CVE-2024-56442: Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful expl Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52955 [HIGH] CWE-264 CVE-2023-52955: Vulnerability of improper authentication in the ANS system service module Impact: Successful exploit Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-56447 [HIGH] CWE-269 CVE-2024-56447: Vulnerability of improper permission control in the window management module Impact: Successful expl Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-56434 [HIGH] CWE-416 CVE-2024-56434: UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerabi UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.

CVE-2024-56438 [HIGH] CWE-119 CVE-2024-56438: Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitati Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2024-56440 [HIGH] CWE-264 CVE-2024-56440: Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2024-56448 [HIGH] CWE-94 CVE-2024-56448: Vulnerability of improper access control in the home screen widget module Impact: Successful exploit Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability.