Huawei Harmonyos vulnerabilities

CVE-2022-48348 [CRITICAL] CWE-200 CVE-2022-48348: The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of t The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity.

CVE-2022-48346 [HIGH] CWE-200 CVE-2022-48346: The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerabilit The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-26549 [HIGH] CWE-233 CVE-2023-26549: The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successf The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-26547 [HIGH] CWE-502 CVE-2023-26547: The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exp The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-48360 [HIGH] CWE-276 CVE-2022-48360: The facial recognition module has a vulnerability in file permission control. Successful exploitatio The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48358 [HIGH] CWE-601 CVE-2022-48358: The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerabi The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions.

CVE-2022-48351 [HIGH] CWE-400 CVE-2022-48351: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.

CVE-2022-48356 [HIGH] CWE-20 CVE-2022-48356: The facial recognition module has a vulnerability in input parameter verification. Successful exploi The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.

CVE-2022-48357 [HIGH] CWE-770 CVE-2022-48357: Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.

CVE-2022-48350 [HIGH] CWE-862 CVE-2022-48350: The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48359 [HIGH] CWE-915 CVE-2022-48359: The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successfu The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-26548 [HIGH] CWE-502 CVE-2023-26548: The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of th The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability.

CVE-2022-48347 [HIGH] CWE-200 CVE-2022-48347: The MediaProvider module has a vulnerability in permission verification. Successful exploitation of The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48352 [HIGH] CWE-665 CVE-2022-48352: Some smartphones have data initialization issues. Successful exploitation of this vulnerability may Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic.

CVE-2022-48361 [MEDIUM] CWE-22 CVE-2022-48361: The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitati The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources.

CVE-2022-48354 [MEDIUM] CWE-787 CVE-2022-48354: The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this v The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.

CVE-2022-48291 [MEDIUM] CWE-306 CVE-2022-48291: The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful e The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48355 [MEDIUM] CWE-787 CVE-2022-48355: The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vu The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.

CVE-2022-48290 [CRITICAL] CWE-693 CVE-2022-48290: The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.

CVE-2022-48287 [HIGH] CWE-693 CVE-2022-48287: The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerabilit The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.