Huawei Harmonyos vulnerabilities

CVE-2022-48286 [HIGH] CWE-269 CVE-2022-48286: The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitat The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48295 [HIGH] CWE-281 CVE-2022-48295: The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulner The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).

CVE-2022-48294 [HIGH] CWE-287 CVE-2022-48294: The IHwAttestationService interface has a defect in authentication. Successful exploitation of this The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48288 [HIGH] CWE-306 CVE-2022-48288: The bundle management module lacks authentication and control mechanisms in some APIs. Successful ex The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48302 [HIGH] CWE-862 CVE-2022-48302: The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitatio The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48299 [HIGH] CWE-306 CVE-2022-48299: The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vuln The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48289 [HIGH] CWE-306 CVE-2022-48289: The bundle management module lacks authentication and control mechanisms in some APIs. Successful ex The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48297 [HIGH] CWE-1284 CVE-2022-48297: The geofencing kernel code has a vulnerability of not verifying the length of the input data. Succes The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-48298 [HIGH] CWE-1284 CVE-2022-48298: The geofencing kernel code does not verify the length of the input data. Successful exploitation of The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-48300 [HIGH] CWE-306 CVE-2022-48300: The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vuln The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48301 [HIGH] CWE-281 CVE-2022-48301: The bundle management module lacks permission verification in some APIs. Successful exploitation of The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.

CVE-2022-48296 [MEDIUM] CWE-281 CVE-2022-48296: The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerabi The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.

CVE-2022-48293 [MEDIUM] CWE-125 CVE-2022-48293: The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may aff The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-48292 [MEDIUM] CWE-125 CVE-2022-48292: The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulne The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-46868 [HIGH] CWE-125 CVE-2021-46868: The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerabil The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2022-47975 [HIGH] CWE-415 CVE-2022-47975: The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-46762 [HIGH] CWE-693 CVE-2022-46762: The memory management module has a logic bypass vulnerability.Successful exploitation of this vulner The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-46761 [HIGH] CWE-276 CVE-2022-46761: The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful e The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.

CVE-2021-46867 [HIGH] CWE-125 CVE-2021-46867: The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerabil The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2022-47976 [HIGH] CWE-287 CVE-2022-47976: The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control con The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.