Huawei Harmonyos vulnerabilities

CVE-2023-52373 [HIGH] CWE-281 CVE-2023-52373: Vulnerability of permission verification in the content sharing pop-up module.Successful exploitatio Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.

CVE-2023-52375 [HIGH] CWE-284 CVE-2023-52375: Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability.

CVE-2022-48621 [HIGH] CWE-306 CVE-2022-48621: Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploi Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52360 [HIGH] CWE-511 CVE-2023-52360: Logic vulnerabilities in the baseband.Successful exploitation of this vulnerability may affect servi Logic vulnerabilities in the baseband.Successful exploitation of this vulnerability may affect service integrity.

CVE-2023-52387 [HIGH] CWE-664 CVE-2023-52387: Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may af Resource reuse vulnerability in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52374 [HIGH] CWE-863 CVE-2023-52374: Permission control vulnerability in the package management module.Successful exploitation of this vu Permission control vulnerability in the package management module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52379 [HIGH] CWE-276 CVE-2023-52379: Permission control vulnerability in the calendarProvider module.Successful exploitation of this vuln Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52366 [HIGH] CWE-120 CVE-2023-52366: Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52362 [HIGH] CWE-276 CVE-2023-52362: Permission management vulnerability in the lock screen module.Successful exploitation of this vulner Permission management vulnerability in the lock screen module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52361 [HIGH] CWE-863 CVE-2023-52361: The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploita The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity.

CVE-2023-52377 [HIGH] CWE-120 CVE-2023-52377: Vulnerability of input data not being verified in the cellular data module.Successful exploitation o Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2023-52380 [MEDIUM] CVE-2023-52380: Vulnerability of improper access control in the email module.Successful exploitation of this vulnera Vulnerability of improper access control in the email module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52365 [MEDIUM] CWE-120 CVE-2023-52365: Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52363 [MEDIUM] CVE-2023-52363: Vulnerability of defects introduced in the design process in the Control Panel module.Successful exp Vulnerability of defects introduced in the design process in the Control Panel module.Successful exploitation of this vulnerability may cause app processes to be started by mistake.

CVE-2023-52358 [MEDIUM] CVE-2023-52358: Vulnerability of configuration defects in some APIs of the audio module.Successful exploitation of t Vulnerability of configuration defects in some APIs of the audio module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52368 [MEDIUM] CWE-20 CVE-2023-52368: Input verification vulnerability in the account module.Successful exploitation of this vulnerability Input verification vulnerability in the account module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52371 [LOW] CWE-476 CVE-2023-52371: Vulnerability of null references in the motor module.Successful exploitation of this vulnerability m Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52103 [CRITICAL] CWE-120 CVE-2023-52103: Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may c Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2023-52101 [CRITICAL] CWE-200 CVE-2023-52101: Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-52106 [CRITICAL] CWE-264 CVE-2023-52106: Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Succes Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability.