Huawei Harmonyos vulnerabilities

CVE-2022-44560 [MEDIUM] CWE-601 CVE-2022-44560: The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnera The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.

CVE-2022-44553 [MEDIUM] CWE-20 CVE-2022-44553: The HiView module has a vulnerability of not filtering third-party apps out when the HiView module t The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.

CVE-2022-44563 [MEDIUM] CWE-362 CVE-2022-44563: There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerab There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-44548 [MEDIUM] CWE-276 CVE-2022-44548: There is a vulnerability in permission verification during the Bluetooth pairing process. Successful There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.

CVE-2022-44556 [HIGH] CWE-20 CVE-2022-44556: Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability m Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46839 [CRITICAL] CWE-125 CVE-2021-46839: The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitatio The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

CVE-2022-41580 [CRITICAL] CWE-125 CVE-2022-41580: The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation o The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

CVE-2022-38980 [CRITICAL] CWE-787 CVE-2022-38980: The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.

CVE-2022-38983 [CRITICAL] CWE-416 CVE-2022-38983: The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vu The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

CVE-2022-38986 [CRITICAL] CWE-787 CVE-2022-38986: The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel spa The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.

CVE-2022-38982 [CRITICAL] CWE-287 CVE-2022-38982: The fingerprint module has service logic errors.Successful exploitation of this vulnerability will c The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.

CVE-2022-41578 [CRITICAL] CWE-787 CVE-2022-41578: The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerabil The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.

CVE-2021-46840 [CRITICAL] CWE-125 CVE-2021-46840: The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Succ The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

CVE-2022-41581 [CRITICAL] CWE-125 CVE-2022-41581: The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation o The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

CVE-2022-41583 [HIGH] CWE-125 CVE-2022-41583: The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successfu The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.

CVE-2022-39011 [HIGH] CWE-693 CVE-2022-39011: The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel spa The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

CVE-2022-41589 [HIGH] CWE-703 CVE-2022-41589: The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful e The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.

CVE-2022-41576 [HIGH] CWE-94 CVE-2022-41576: The rphone module has a script that can be maliciously modified.Successful exploitation of this vuln The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.

CVE-2022-38977 [HIGH] CWE-787 CVE-2022-38977: The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data.

CVE-2022-41585 [HIGH] CWE-125 CVE-2022-41585: The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerabil The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.