Huawei Harmonyos vulnerabilities

CVE-2022-22256 [HIGH] CVE-2022-22256: The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40065 [HIGH] CVE-2021-40065: The communication module has a service logic error vulnerability.Successful exploitation of this vul The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-22257 [HIGH] CWE-269 CVE-2022-22257: The customization framework has a vulnerability of improper permission control.Successful exploitati The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

CVE-2022-22255 [HIGH] CVE-2022-22255: The application framework has a common DoS vulnerability.Successful exploitation of this vulnerabili The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.

CVE-2021-46740 [HIGH] CWE-287 CVE-2021-46740: The device authentication service module has a defect vulnerability introduced in the design process The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40050 [CRITICAL] CWE-125 CVE-2021-40050: There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vul There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.

CVE-2021-40053 [CRITICAL] CWE-276 CVE-2021-40053: There is a permission control vulnerability in the Nearby module.Successful exploitation of this vul There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity.

CVE-2021-40049 [HIGH] CWE-276 CVE-2021-40049: There is a permission control vulnerability in the PMS module. Successful exploitation of this vulne There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.

CVE-2021-40061 [HIGH] CWE-843 CVE-2021-40061: There is a vulnerability of accessing resources using an incompatible type (type confusion) in the B There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40051 [HIGH] CVE-2021-40051: There is an unauthorized access vulnerability in system components. Successful exploitation of this There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40052 [HIGH] CWE-131 CVE-2021-40052: There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploi There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability.

CVE-2021-40048 [HIGH] CWE-131 CVE-2021-40048: There is an incorrect buffer size calculation vulnerability in the video framework. Successful explo There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.

CVE-2021-40064 [HIGH] CWE-787 CVE-2021-40064: There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.

CVE-2021-40063 [HIGH] CVE-2021-40063: There is an improper access control vulnerability in the video module. Successful exploitation of th There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40047 [HIGH] CWE-401 CVE-2021-40047: There is a vulnerability of memory not being released after effective lifetime in the Bastet module. There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40055 [MEDIUM] CVE-2021-40055: There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Su There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-22480 [CRITICAL] CWE-190 CVE-2021-22480: The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploi The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow.

CVE-2021-22432 [CRITICAL] CWE-119 CVE-2021-22432: There is a vulnerability when configuring permission isolation in smartphones. Successful exploitati There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22394 [CRITICAL] CWE-120 CVE-2021-22394: There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerabili There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

CVE-2021-22431 [CRITICAL] CWE-119 CVE-2021-22431: There is a vulnerability when configuring permission isolation in smartphones. Successful exploitati There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.