Huawei Harmonyos vulnerabilities

CVE-2023-46762 [HIGH] CWE-125 CVE-2023-46762: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-46760 [HIGH] CWE-787 CVE-2023-46760: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-44098 [HIGH] CWE-200 CVE-2023-44098: Vulnerability of missing encryption in the card management module. Successful exploitation of this v Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46766 [HIGH] CWE-125 CVE-2023-46766: Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulne Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

CVE-2023-46759 [HIGH] CWE-284 CVE-2023-46759: Permission control vulnerability in the call module. Successful exploitation of this vulnerability m Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46769 [HIGH] CWE-416 CVE-2023-46769: Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerabili Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability.

CVE-2023-46774 [HIGH] CVE-2023-46774: Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerabilit Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.

CVE-2023-46765 [HIGH] CWE-754 CVE-2023-46765: Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerabilit Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.

CVE-2023-46757 [HIGH] CWE-200 CVE-2023-46757: The remote PIN module has a vulnerability that causes incorrect information storage locations.Succes The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-46768 [HIGH] CWE-416 CVE-2023-46768: Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may ca Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2022-48613 [MEDIUM] CWE-362 CVE-2022-48613: Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.

CVE-2023-46755 [MEDIUM] CWE-284 CVE-2023-46755: Vulnerability of input parameters being not strictly verified in the input. Successful exploitation Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.

CVE-2023-46763 [MEDIUM] CWE-20 CVE-2023-46763: Vulnerability of background app permission management in the framework module. Successful exploitati Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.

CVE-2023-46764 [MEDIUM] CWE-15 CVE-2023-46764: Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.

CVE-2023-46756 [MEDIUM] CWE-269 CVE-2023-46756: Permission control vulnerability in the window management module. Successful exploitation of this vu Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

CVE-2023-44106 [CRITICAL] CWE-269 CVE-2023-44106: API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vu API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44118 [CRITICAL] CWE-284 CVE-2023-44118: Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnera Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-44107 [CRITICAL] CVE-2023-44107: Vulnerability of defects introduced in the design process in the screen projection module.Successfu Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-44116 [CRITICAL] CWE-306 CVE-2023-44116: Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful e Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVE-2023-44105 [CRITICAL] CWE-269 CVE-2023-44105: Vulnerability of permissions not being strictly verified in the window management module.Successful Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.