Huawei Harmonyos vulnerabilities

CVE-2022-34743 [HIGH] CWE-125 CVE-2022-34743: The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-34738 [HIGH] CVE-2022-34738: The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background.

CVE-2022-34739 [HIGH] CVE-2022-34739: The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitati The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.

CVE-2021-46741 [HIGH] CVE-2021-46741: The basic framework and setting module have defects, which were introduced during the design. Succes The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.

CVE-2022-34742 [HIGH] CWE-125 CVE-2022-34742: The system module has a read/write vulnerability. Successful exploitation of this vulnerability may The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-34736 [HIGH] CWE-476 CVE-2022-34736: The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

CVE-2022-34741 [MEDIUM] CWE-120 CVE-2022-34741: The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability ma The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.

CVE-2022-34740 [MEDIUM] CWE-120 CVE-2022-34740: The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability ma The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.

CVE-2021-40036 [CRITICAL] CWE-787 CVE-2021-40036: The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerabi The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.

CVE-2022-31760 [CRITICAL] CVE-2022-31760: Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

CVE-2022-31753 [HIGH] CWE-134 CVE-2022-31753: The voice wakeup module has a vulnerability of using externally-controlled format strings. Successfu The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31757 [HIGH] CVE-2022-31757: The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vuln The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31762 [HIGH] CWE-20 CVE-2022-31762: The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerabilit The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2021-46812 [HIGH] CVE-2021-46812: The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.

CVE-2021-46814 [HIGH] CWE-125 CVE-2021-46814: The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31755 [MEDIUM] CWE-281 CVE-2022-31755: The communication module has a vulnerability of improper permission preservation. Successful exploit The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31756 [MEDIUM] CVE-2022-31756: The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31758 [MEDIUM] CWE-362 CVE-2022-31758: The kernel module has the race condition vulnerability. Successful exploitation of this vulnerabilit The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31751 [MEDIUM] CVE-2022-31751: The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability m The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31759 [MEDIUM] CWE-824 CVE-2022-31759: AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vul AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.