Huawei Harmonyos vulnerabilities

CVE-2023-44111 [HIGH] CWE-307 CVE-2023-44111: Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44093 [HIGH] CWE-200 CVE-2023-44093: Vulnerability of package names' public keys not being verified in the security module.Successful exp Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44114 [HIGH] CWE-125 CVE-2023-44114: Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerabilit Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44109 [HIGH] CWE-74 CVE-2023-44109: Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect s Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44095 [HIGH] CWE-416 CVE-2023-44095: Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vuln Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.

CVE-2023-44101 [HIGH] CWE-668 CVE-2023-44101: The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successfu The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-44097 [HIGH] CWE-200 CVE-2023-44097: Vulnerability of the permission to access device SNs being improperly managed.Successful exploitatio Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44119 [HIGH] CWE-667 CVE-2023-44119: Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vu Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-44108 [HIGH] CWE-843 CVE-2023-44108: Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerab Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44103 [HIGH] CWE-20 CVE-2023-44103: Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerabili Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44096 [HIGH] CWE-287 CVE-2023-44096: Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44104 [HIGH] CWE-669 CVE-2023-44104: Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this v Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44100 [HIGH] CWE-669 CVE-2023-44100: Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this v Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-41304 [MEDIUM] CWE-754 CVE-2023-41304: Parameter verification vulnerability in the window module.Successful exploitation of this vulnerabil Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

CVE-2023-44102 [MEDIUM] CWE-668 CVE-2023-44102: Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this v Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

CVE-2023-44094 [MEDIUM] CWE-843 CVE-2023-44094: Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerab Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44110 [MEDIUM] CWE-20 CVE-2023-44110: Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-41308 [HIGH] CWE-532 CVE-2023-41308: Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affe Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41305 [HIGH] CWE-326 CVE-2023-41305: Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS mess Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48606 [HIGH] CWE-476 CVE-2022-48606: Stability-related vulnerability in the binder background management and control module. Successful e Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.