Huawei Harmonyos vulnerabilities

CVE-2022-39002 [CRITICAL] CWE-415 CVE-2022-39002: Double free vulnerability in the storage module. Successful exploitation of this vulnerability will Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.

CVE-2022-38999 [CRITICAL] CVE-2022-38999: The AOD module has the improper update of reference count vulnerability. Successful exploitation of The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

CVE-2022-39008 [CRITICAL] CWE-502 CVE-2022-39008: The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.

CVE-2022-39009 [CRITICAL] CWE-287 CVE-2022-39009: The WLAN module has a vulnerability in permission verification. Successful exploitation of this vuln The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.

CVE-2021-40017 [CRITICAL] CWE-20 CVE-2021-40017: The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2022-39000 [CRITICAL] CVE-2022-39000: The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vul The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

CVE-2022-39005 [HIGH] CWE-401 CVE-2022-39005: The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability ca The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

CVE-2022-38979 [HIGH] CVE-2022-38979: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38987 [HIGH] CVE-2022-38987: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-38997 [HIGH] CVE-2022-38997: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38993 [HIGH] CVE-2022-38993: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-38995 [HIGH] CVE-2022-38995: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-38994 [HIGH] CVE-2022-38994: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-39004 [HIGH] CWE-401 CVE-2022-39004: The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability ca The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

CVE-2022-38992 [HIGH] CVE-2022-38992: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38990 [HIGH] CVE-2022-38990: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2021-46836 [HIGH] CVE-2021-46836: Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successfu Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38989 [HIGH] CVE-2022-38989: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-39001 [HIGH] CWE-22 CVE-2022-39001: The number identification module has a path traversal vulnerability. Successful exploitation of this The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.

CVE-2022-38991 [HIGH] CVE-2022-38991: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.