Huawei Harmonyos vulnerabilities

CVE-2021-46811 [MEDIUM] CWE-276 CVE-2021-46811: HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnera HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.

CVE-2022-31763 [MEDIUM] CWE-476 CVE-2022-31763: The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitat The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-29794 [CRITICAL] CWE-416 CVE-2022-29794: The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.

CVE-2021-46786 [CRITICAL] CWE-119 CVE-2021-46786: The audio module has a vulnerability in verifying the parameters passed by the application space.Suc The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-22260 [CRITICAL] CWE-416 CVE-2022-22260: The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.

CVE-2022-22252 [HIGH] CWE-416 CVE-2022-22252: The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect syst The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22261 [HIGH] CVE-2022-22261: The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Success The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29793 [HIGH] CVE-2022-29793: There is a configuration defect in the activation lock of mobile phones.Successful exploitation of t There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.

CVE-2021-46787 [HIGH] CVE-2021-46787: The AMS module has a vulnerability of improper permission control.Successful exploitation of this vu The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.

CVE-2022-29796 [HIGH] CVE-2022-29796: The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Success The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29791 [HIGH] CVE-2022-29791: The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Success The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29792 [HIGH] CVE-2022-29792: The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnera The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-29790 [HIGH] CVE-2022-29790: The graphics acceleration service has a vulnerability in multi-thread access to the database.Success The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.

CVE-2022-29789 [HIGH] CVE-2022-29789: The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Suc The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29795 [HIGH] CWE-476 CVE-2022-29795: The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

CVE-2021-46785 [MEDIUM] CVE-2021-46785: The Property module has a vulnerability in permission control.This vulnerability can be exploited to The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.

CVE-2022-22258 [CRITICAL] CVE-2022-22258: The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerabili The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.

CVE-2021-46742 [CRITICAL] CVE-2021-46742: The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secu The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.

CVE-2022-22253 [HIGH] CWE-354 CVE-2022-22253: The DFX module has a vulnerability of improper validation of integrity check values.Successful explo The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22254 [HIGH] CVE-2022-22254: A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.