Huawei Emui vulnerabilities

CVE-2021-46787 [HIGH] CVE-2021-46787: The AMS module has a vulnerability of improper permission control.Successful exploitation of this vu The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.

CVE-2022-29796 [HIGH] CVE-2022-29796: The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Success The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29791 [HIGH] CVE-2022-29791: The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Success The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29792 [HIGH] CVE-2022-29792: The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnera The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-46788 [HIGH] CVE-2021-46788: Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of t Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.

CVE-2022-29790 [HIGH] CVE-2022-29790: The graphics acceleration service has a vulnerability in multi-thread access to the database.Success The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.

CVE-2022-29789 [HIGH] CVE-2022-29789: The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Suc The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29795 [HIGH] CWE-476 CVE-2022-29795: The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

CVE-2021-46785 [MEDIUM] CVE-2021-46785: The Property module has a vulnerability in permission control.This vulnerability can be exploited to The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.

CVE-2022-22258 [CRITICAL] CVE-2022-22258: The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerabili The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.

CVE-2021-46742 [CRITICAL] CVE-2021-46742: The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secu The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.

CVE-2022-22253 [HIGH] CWE-354 CVE-2022-22253: The DFX module has a vulnerability of improper validation of integrity check values.Successful explo The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22254 [HIGH] CVE-2022-22254: A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-22256 [HIGH] CVE-2022-22256: The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40065 [HIGH] CVE-2021-40065: The communication module has a service logic error vulnerability.Successful exploitation of this vul The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-22257 [HIGH] CWE-269 CVE-2022-22257: The customization framework has a vulnerability of improper permission control.Successful exploitati The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

CVE-2022-22255 [HIGH] CVE-2022-22255: The application framework has a common DoS vulnerability.Successful exploitation of this vulnerabili The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.

CVE-2021-46740 [HIGH] CWE-287 CVE-2021-46740: The device authentication service module has a defect vulnerability introduced in the design process The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40050 [CRITICAL] CWE-125 CVE-2021-40050: There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vul There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.

CVE-2021-40053 [CRITICAL] CWE-276 CVE-2021-40053: There is a permission control vulnerability in the Nearby module.Successful exploitation of this vul There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity.