Huawei Harmonyos vulnerabilities

CVE-2021-40025 [HIGH] CWE-665 CVE-2021-40025: The eID module has a vulnerability that causes the memory to be used without being initialized,Succe The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40022 [HIGH] CVE-2021-40022: The weaver module has a vulnerability in parameter type verification,Successful exploitation of this The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40032 [HIGH] CVE-2021-40032: The bone voice ID TA has a vulnerability in information management,Successful exploitation of this v The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-39998 [HIGH] CVE-2021-39998: There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExServi There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.

CVE-2021-40014 [HIGH] CWE-787 CVE-2021-40014: The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitatio The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40029 [HIGH] CWE-120 CVE-2021-40029: There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.

CVE-2021-40005 [HIGH] CVE-2021-40005: The distributed data service component has a vulnerability in data access control. Successful exploi The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40002 [HIGH] CWE-787 CVE-2021-40002: The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulne The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.

CVE-2021-40027 [HIGH] CWE-476 CVE-2021-40027: The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40004 [HIGH] CWE-276 CVE-2021-40004: The cellular module has a vulnerability in permission management. Successful exploitation of this vu The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40000 [HIGH] CWE-787 CVE-2021-40000: The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulne The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.

CVE-2021-40038 [HIGH] CWE-415 CVE-2021-40038: There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of th There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40028 [HIGH] CWE-787 CVE-2021-40028: The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulne The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity.

CVE-2021-40018 [HIGH] CWE-476 CVE-2021-40018: The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerabi The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40039 [HIGH] CWE-476 CVE-2021-40039: There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40009 [MEDIUM] CWE-787 CVE-2021-40009: There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitat There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40001 [MEDIUM] CWE-22 CVE-2021-40001: The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.

CVE-2021-40003 [MEDIUM] CWE-22 CVE-2021-40003: HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40006 [MEDIUM] CWE-254 CVE-2021-40006: Vulnerability of design defects in the security algorithm component. Successful exploitation of this Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40037 [MEDIUM] CWE-843 CVE-2021-40037: There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the M There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.