Huawei Emui vulnerabilities

CVE-2024-30418 [HIGH] CWE-280 CVE-2024-30418: Vulnerability of insufficient permission verification in the app management module. Impact: Successf Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52716 [HIGH] CWE-269 CVE-2023-52716: Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. I Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30417 [HIGH] CWE-22 CVE-2024-30417: Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-30416 [HIGH] CWE-416 CVE-2024-30416: Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52717 [MEDIUM] CWE-276 CVE-2023-52717: Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52370 [CRITICAL] CWE-120 CVE-2023-52370: Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vuln Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access.

CVE-2023-52369 [CRITICAL] CWE-787 CVE-2023-52369: Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may aff Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-52381 [CRITICAL] CWE-94 CVE-2023-52381: Script injection vulnerability in the email module.Successful exploitation of this vulnerability may Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2023-52378 [CRITICAL] CWE-693 CVE-2023-52378: Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52372 [HIGH] CWE-20 CVE-2023-52372: Vulnerability of input parameter verification in the motor module.Successful exploitation of this vu Vulnerability of input parameter verification in the motor module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52097 [HIGH] CWE-200 CVE-2023-52097: Vulnerability of foreground service restrictions being bypassed in the NMS module.Successful exploit Vulnerability of foreground service restrictions being bypassed in the NMS module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52374 [HIGH] CWE-863 CVE-2023-52374: Permission control vulnerability in the package management module.Successful exploitation of this vu Permission control vulnerability in the package management module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52373 [HIGH] CWE-281 CVE-2023-52373: Vulnerability of permission verification in the content sharing pop-up module.Successful exploitatio Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.

CVE-2023-52357 [HIGH] CWE-502 CVE-2023-52357: Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploi Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52376 [HIGH] CWE-212 CVE-2023-52376: Information management vulnerability in the Gallery module.Successful exploitation of this vulnerabi Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52367 [HIGH] CWE-284 CVE-2023-52367: Vulnerability of improper access control in the media library module.Successful exploitation of this Vulnerability of improper access control in the media library module.Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-52366 [HIGH] CWE-120 CVE-2023-52366: Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52375 [HIGH] CWE-284 CVE-2023-52375: Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52387 [HIGH] CWE-664 CVE-2023-52387: Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may af Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48621 [HIGH] CWE-306 CVE-2022-48621: Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploi Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.