Huawei Harmonyos vulnerabilities

CVE-2023-1695 [HIGH] CWE-755 CVE-2023-1695: Vulnerability of failures to capture exceptions in the communication framework. Successful exploitat Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-1691 [HIGH] CWE-248 CVE-2023-1691: Vulnerability of failures to capture exceptions in the communication framework. Successful exploitat Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2022-48515 [HIGH] CWE-269 CVE-2022-48515: Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnera Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-37241 [HIGH] CWE-20 CVE-2023-37241: Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may c Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.

CVE-2021-46892 [HIGH] CWE-701 CVE-2021-46892: Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability m Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48508 [HIGH] CWE-264 CVE-2022-48508: Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulne Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.

CVE-2022-48519 [HIGH] CWE-200 CVE-2022-48519: Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerabil Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48520 [HIGH] CWE-200 CVE-2022-48520: Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerabil Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-37239 [HIGH] CWE-200 CVE-2023-37239: Format string vulnerability in the distributed file system. Attackers who bypass the selinux permis Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program.

CVE-2022-48516 [HIGH] CWE-200 CVE-2022-48516: Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Succe Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-48517 [HIGH] CWE-701 CVE-2022-48517: Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vu Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.

CVE-2022-48507 [HIGH] CWE-294 CVE-2022-48507: Vulnerability of identity verification being bypassed in the storage module. Successful exploitation Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48509 [MEDIUM] CWE-476 CVE-2022-48509: Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Sh Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.

CVE-2023-37238 [MEDIUM] CWE-275 CVE-2023-37238: Vulnerability of apps' permission to access a certain API being incompletely verified in the wireles Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features.

CVE-2023-3456 [MEDIUM] CWE-20 CVE-2023-3456: Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48518 [MEDIUM] CWE-701 CVE-2022-48518: Vulnerability of signature verification in the iaware system being initialized later than the time w Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

CVE-2023-3455 [CRITICAL] CWE-200 CVE-2023-3455: Key management vulnerability on system. Successful exploitation of this vulnerability may affect ser Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2021-46891 [CRITICAL] CWE-200 CVE-2021-46891: Vulnerability of incomplete read and write permission verification in the GPU module. Successful exp Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46890 [CRITICAL] CWE-863 CVE-2021-46890: Vulnerability of incomplete read and write permission verification in the GPU module. Successful exp Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46893 [HIGH] CWE-1284 CVE-2021-46893: Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vul Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.