Huawei Harmonyos vulnerabilities

CVE-2023-41307 [HIGH] CWE-787 CVE-2023-41307: Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerabili Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability.

CVE-2023-41309 [HIGH] CWE-269 CVE-2023-41309: Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of t Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.

CVE-2023-41312 [MEDIUM] CWE-269 CVE-2023-41312: Permission control vulnerability in the audio module. Successful exploitation of this vulnerability Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.

CVE-2023-4565 [MEDIUM] CWE-732 CVE-2023-4565: Broadcast permission control vulnerability in the framework module. Successful exploitation of this Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

CVE-2023-41311 [MEDIUM] CWE-284 CVE-2023-41311: Permission control vulnerability in the audio module. Successful exploitation of this vulnerability Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically.

CVE-2023-41306 [LOW] CWE-362 CVE-2023-41306: Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful e Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.

CVE-2023-41310 [LOW] CWE-400 CVE-2023-41310: Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerab Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.

CVE-2023-39407 [CRITICAL] CWE-22 CVE-2023-39407: The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability ma The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.

CVE-2023-41294 [CRITICAL] CWE-400 CVE-2023-41294: The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability ma The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services.

CVE-2023-41297 [CRITICAL] CVE-2023-41297: Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exp Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.

CVE-2023-41296 [CRITICAL] CWE-862 CVE-2023-41296: Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnera Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.

CVE-2022-48605 [CRITICAL] CWE-20 CVE-2022-48605: Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerab Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

CVE-2023-41301 [HIGH] CWE-269 CVE-2023-41301: Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerab Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-41303 [HIGH] CWE-20 CVE-2023-41303: Command injection vulnerability in the distributed file system module. Successful exploitation of th Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.

CVE-2023-41299 [HIGH] CWE-120 CVE-2023-41299: DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the sys DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-41293 [HIGH] CWE-227 CVE-2023-41293: Data security classification vulnerability in the DDMP module. Successful exploitation of this vulne Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41298 [HIGH] CVE-2023-41298: Vulnerability of permission control in the window module. Successful exploitation of this vulnerabil Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-39409 [HIGH] CWE-120 CVE-2023-39409: DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the sys DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-39408 [HIGH] CWE-120 CVE-2023-39408: DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the sys DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-41300 [HIGH] CWE-20 CVE-2023-41300: Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation o Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.