Huawei Harmonyos vulnerabilities

CVE-2021-22430 [CRITICAL] CVE-2021-22430: There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection.

CVE-2021-22434 [CRITICAL] CWE-119 CVE-2021-22434: There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of thi There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22429 [CRITICAL] CWE-119 CVE-2021-22429: There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerabilit There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22426 [CRITICAL] CWE-119 CVE-2021-22426: There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerabilit There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22433 [CRITICAL] CWE-119 CVE-2021-22433: There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerabilit There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22319 [HIGH] CWE-190 CVE-2021-22319: There is an improper verification vulnerability in smartphones. Successful exploitation of this vuln There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.

CVE-2021-22395 [HIGH] CWE-94 CVE-2021-22395: There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerabilit There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22489 [HIGH] CVE-2021-22489: There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affec There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22479 [MEDIUM] CWE-119 CVE-2021-22479: The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.

CVE-2021-22478 [MEDIUM] CWE-416 CVE-2021-22478: The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this vulnerability may lead to information leakage.

CVE-2021-22441 [MEDIUM] CWE-190 CVE-2021-22441: Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnera Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.

CVE-2021-40045 [MEDIUM] CWE-347 CVE-2021-40045: There is a vulnerability of signature verification mechanism failure in system upgrade through recov There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-40015 [MEDIUM] CWE-362 CVE-2021-40015: There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful expl There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel stability.

CVE-2021-40010 [CRITICAL] CWE-787 CVE-2021-40010: The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution.

CVE-2021-39996 [CRITICAL] CWE-787 CVE-2021-39996: There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful e There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.

CVE-2021-40035 [HIGH] CWE-120 CVE-2021-40035: There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.

CVE-2021-40026 [HIGH] CWE-787 CVE-2021-40026: There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exp There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40031 [HIGH] CWE-476 CVE-2021-40031: There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40021 [HIGH] CWE-787 CVE-2021-40021: The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulne The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40011 [HIGH] CWE-400 CVE-2021-40011: There is an uncontrolled resource consumption vulnerability in the display module. Successful exploi There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity.