Huawei Harmonyos vulnerabilities

CVE-2023-52102 [HIGH] CWE-116 CVE-2023-52102: Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vu Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44117 [HIGH] CWE-290 CVE-2023-44117: Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitat Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52113 [HIGH] CWE-400 CVE-2023-52113: launchAnyWhere vulnerability in the ActivityManagerService module. Successful exploitation of this v launchAnyWhere vulnerability in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.

CVE-2023-44112 [HIGH] CWE-200 CVE-2023-44112: Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of t Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-52100 [HIGH] CVE-2023-52100: The Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vul The Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vulnerability may affect availability.

CVE-2023-52098 [HIGH] CWE-400 CVE-2023-52098: Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerabili Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.

CVE-2023-52114 [HIGH] CWE-269 CVE-2023-52114: Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulne Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.

CVE-2023-52099 [HIGH] CWE-284 CVE-2023-52099: Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploi Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52108 [HIGH] CVE-2023-52108: Vulnerability of process priorities being raised in the ActivityManagerService module. Successful ex Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.

CVE-2023-52111 [HIGH] CWE-287 CVE-2023-52111: Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity.

CVE-2023-52110 [HIGH] CWE-787 CVE-2023-52110: The sensor module has an out-of-bounds access vulnerability.Successful exploitation of this vulnerab The sensor module has an out-of-bounds access vulnerability.Successful exploitation of this vulnerability may affect availability.

CVE-2023-52116 [HIGH] CWE-269 CVE-2023-52116: Permission management vulnerability in the multi-screen interaction module. Successful exploitation Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.

CVE-2023-4566 [HIGH] CWE-290 CVE-2023-4566: Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitat Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52105 [HIGH] CWE-269 CVE-2023-52105: The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerab The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.

CVE-2023-52109 [HIGH] CWE-345 CVE-2023-52109: Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitat Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52115 [HIGH] CWE-416 CVE-2023-52115: The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerab The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions.

CVE-2023-52107 [HIGH] CWE-269 CVE-2023-52107: Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52104 [HIGH] CVE-2023-52104: Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vu Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52112 [MEDIUM] CWE-552 CVE-2023-52112: Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of t Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-46773 [CRITICAL] CWE-276 CVE-2023-46773: Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.