Huawei Emui vulnerabilities

CVE-2021-37107 [MEDIUM] CWE-787 CVE-2021-37107: There is an improper memory access permission configuration on ACPU.Successful exploitation of this There is an improper memory access permission configuration on ACPU.Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-37115 [MEDIUM] CVE-2021-37115: There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Su There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-40010 [CRITICAL] CWE-787 CVE-2021-40010: The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution.

CVE-2021-39993 [CRITICAL] CWE-190 CVE-2021-39993: There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-39996 [CRITICAL] CWE-787 CVE-2021-39996: There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful e There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.

CVE-2021-40035 [HIGH] CWE-120 CVE-2021-40035: There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.

CVE-2021-40026 [HIGH] CWE-787 CVE-2021-40026: There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exp There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40031 [HIGH] CWE-476 CVE-2021-40031: There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40011 [HIGH] CWE-400 CVE-2021-40011: There is an uncontrolled resource consumption vulnerability in the display module. Successful exploi There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40032 [HIGH] CVE-2021-40032: The bone voice ID TA has a vulnerability in information management,Successful exploitation of this v The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-39998 [HIGH] CVE-2021-39998: There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExServi There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.

CVE-2021-40014 [HIGH] CWE-787 CVE-2021-40014: The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitatio The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40029 [HIGH] CWE-120 CVE-2021-40029: There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.

CVE-2021-40027 [HIGH] CWE-476 CVE-2021-40027: The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40038 [HIGH] CWE-415 CVE-2021-40038: There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of th There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40020 [HIGH] CWE-125 CVE-2021-40020: There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Su There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-40039 [HIGH] CWE-476 CVE-2021-40039: There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40009 [MEDIUM] CWE-787 CVE-2021-40009: There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitat There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40006 [MEDIUM] CWE-254 CVE-2021-40006: Vulnerability of design defects in the security algorithm component. Successful exploitation of this Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40037 [MEDIUM] CWE-843 CVE-2021-40037: There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the M There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.