Huawei Emui vulnerabilities

CVE-2021-40049 [HIGH] CWE-276 CVE-2021-40049: There is a permission control vulnerability in the PMS module. Successful exploitation of this vulne There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.

CVE-2021-40056 [HIGH] CWE-120 CVE-2021-40056: There is a vulnerability of copying input buffer without checking its size in the video framework. S There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40057 [HIGH] CWE-787 CVE-2021-40057: There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successf There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40061 [HIGH] CWE-843 CVE-2021-40061: There is a vulnerability of accessing resources using an incompatible type (type confusion) in the B There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40062 [HIGH] CWE-120 CVE-2021-40062: There is a vulnerability of copying input buffer without checking its size in the video framework. S There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40051 [HIGH] CVE-2021-40051: There is an unauthorized access vulnerability in system components. Successful exploitation of this There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40052 [HIGH] CWE-131 CVE-2021-40052: There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploi There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability.

CVE-2021-40058 [HIGH] CWE-787 CVE-2021-40058: There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40048 [HIGH] CWE-131 CVE-2021-40048: There is an incorrect buffer size calculation vulnerability in the video framework. Successful explo There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.

CVE-2021-40064 [HIGH] CWE-787 CVE-2021-40064: There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.

CVE-2021-40063 [HIGH] CVE-2021-40063: There is an improper access control vulnerability in the video module. Successful exploitation of th There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40054 [HIGH] CWE-191 CVE-2021-40054: There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of th There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40047 [HIGH] CWE-401 CVE-2021-40047: There is a vulnerability of memory not being released after effective lifetime in the Bastet module. There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40060 [HIGH] CWE-787 CVE-2021-40060: There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40055 [MEDIUM] CVE-2021-40055: There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Su There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40059 [MEDIUM] CWE-276 CVE-2021-40059: There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vul There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-22432 [CRITICAL] CWE-119 CVE-2021-22432: There is a vulnerability when configuring permission isolation in smartphones. Successful exploitati There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22448 [CRITICAL] CVE-2021-22448: There is an improper verification vulnerability in smartphones. Successful exploitation of this vuln There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files.

CVE-2021-22394 [CRITICAL] CWE-120 CVE-2021-22394: There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerabili There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

CVE-2021-22431 [CRITICAL] CWE-119 CVE-2021-22431: There is a vulnerability when configuring permission isolation in smartphones. Successful exploitati There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.