Huawei Harmonyos vulnerabilities

CVE-2022-46314 [HIGH] CWE-404 CVE-2022-46314: The IPC module has defects introduced in the design process. Successful exploitation of this vulnera The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-41596 [HIGH] CWE-502 CVE-2022-41596: The system tool has inconsistent serialization and deserialization. Successful exploitation of this The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.

CVE-2022-46318 [MEDIUM] CVE-2022-46318: The HAware module has a function logic error. Successful exploitation of this vulnerability will aff The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings.

CVE-2022-46313 [MEDIUM] CWE-287 CVE-2022-46313: The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulne The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone.

CVE-2022-41590 [MEDIUM] CWE-287 CVE-2022-41590: Some smartphones have authentication-related (including session management) vulnerabilities as the s Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability.

CVE-2022-44558 [CRITICAL] CWE-502 CVE-2022-44558: The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitatio The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-44562 [CRITICAL] CWE-502 CVE-2022-44562: The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-44559 [CRITICAL] CWE-502 CVE-2022-44559: The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitatio The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-44551 [CRITICAL] CWE-362 CVE-2022-44551: The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerabil The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

CVE-2021-46851 [CRITICAL] CWE-284 CVE-2021-46851: The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitatio The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.

CVE-2022-44546 [HIGH] CWE-459 CVE-2022-44546: The kernel module has the vulnerability that the mapping is not cleared after the memory is automati The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.

CVE-2022-44554 [HIGH] CWE-276 CVE-2022-44554: The power module has a vulnerability in permission verification. Successful exploitation of this vul The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.

CVE-2022-44547 [HIGH] CWE-416 CVE-2022-44547: The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability ma The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.

CVE-2022-44561 [HIGH] CWE-276 CVE-2022-44561: The preset launcher module has a permission verification vulnerability. Successful exploitation of t The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.

CVE-2022-44549 [HIGH] CWE-862 CVE-2022-44549: The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnera The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.

CVE-2021-46852 [HIGH] CWE-306 CVE-2021-46852: The memory management module has the logic bypass vulnerability. Successful exploitation of this vul The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-44555 [HIGH] CWE-294 CVE-2022-44555: The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.

CVE-2022-44552 [HIGH] CWE-404 CVE-2022-44552: The lock screen module has defects introduced in the design process. Successful exploitation of this The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-44557 [HIGH] CWE-276 CVE-2022-44557: The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-44550 [HIGH] CWE-416 CVE-2022-44550: The graphics display module has a UAF vulnerability when traversing graphic layers. Successful explo The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.