Huawei Harmonyos vulnerabilities

CVE-2021-22458 [HIGH] CWE-125 CVE-2021-22458: A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution.

CVE-2021-22469 [HIGH] CWE-125 CVE-2021-22469: A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit thi A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read.

CVE-2021-22466 [MEDIUM] CWE-416 CVE-2021-22466: A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vu A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.

CVE-2021-22456 [MEDIUM] CVE-2021-22456: A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.

CVE-2021-22461 [MEDIUM] CWE-770 CVE-2021-22461: A component of the HarmonyOS has a Allocation of Resources Without Limits or Throttling vulnerabilit A component of the HarmonyOS has a Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.

CVE-2021-22471 [MEDIUM] CWE-476 CVE-2021-22471: A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may explo A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.

CVE-2021-22467 [MEDIUM] CWE-20 CVE-2021-22467: A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may expl A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.

CVE-2021-22450 [MEDIUM] CWE-459 CVE-2021-22450: A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit thi A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion.

CVE-2021-22459 [MEDIUM] CWE-476 CVE-2021-22459: A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may explo A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable.

CVE-2021-22463 [MEDIUM] CWE-416 CVE-2021-22463: A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this v A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure.

CVE-2021-22452 [MEDIUM] CWE-20 CVE-2021-22452: A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may expl A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.

CVE-2021-22465 [MEDIUM] CWE-787 CVE-2021-22465: A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exp A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.

CVE-2021-22454 [MEDIUM] CWE-668 CVE-2021-22454: A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.

CVE-2021-22462 [MEDIUM] CWE-476 CVE-2021-22462: A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may explo A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.

CVE-2021-22455 [MEDIUM] CWE-190 CVE-2021-22455: A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released.

CVE-2021-22460 [MEDIUM] CWE-345 CVE-2021-22460: A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Loc A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism.

CVE-2021-22457 [LOW] CWE-20 CVE-2021-22457: A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may expl A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write.

CVE-2021-22453 [LOW] CWE-125 CVE-2021-22453: A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may expl A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.

CVE-2021-22464 [LOW] CWE-125 CVE-2021-22464: A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit thi A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart.

CVE-2021-22468 [LOW] CWE-668 CVE-2021-22468: A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulner A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage.