Huawei Magic Ui vulnerabilities

CVE-2022-39002 [CRITICAL] CWE-415 CVE-2022-39002: Double free vulnerability in the storage module. Successful exploitation of this vulnerability will Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.

CVE-2022-39003 [CRITICAL] CWE-120 CVE-2022-39003: Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability Buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.

CVE-2021-40019 [CRITICAL] CWE-125 CVE-2021-40019: Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vu Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2022-39000 [CRITICAL] CVE-2022-39000: The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vul The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

CVE-2022-39005 [HIGH] CWE-401 CVE-2022-39005: The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability ca The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

CVE-2022-38979 [HIGH] CVE-2022-38979: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-39001 [HIGH] CWE-22 CVE-2022-39001: The number identification module has a path traversal vulnerability. Successful exploitation of this The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.

CVE-2022-38987 [HIGH] CVE-2022-38987: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-38997 [HIGH] CVE-2022-38997: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38993 [HIGH] CVE-2022-38993: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2020-36601 [HIGH] CWE-787 CVE-2020-36601: Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerabili Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot.

CVE-2022-39004 [HIGH] CWE-401 CVE-2022-39004: The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability ca The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

CVE-2022-38992 [HIGH] CVE-2022-38992: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38990 [HIGH] CVE-2022-38990: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-38989 [HIGH] CVE-2022-38989: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-38978 [HIGH] CVE-2022-38978: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-38991 [HIGH] CVE-2022-38991: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2020-36600 [HIGH] CWE-787 CVE-2020-36600: Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this v Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2022-38988 [HIGH] CVE-2022-38988: The secure OS module has configuration defects. Successful exploitation of this vulnerability may af The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-39006 [MEDIUM] CWE-362 CVE-2022-39006: The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.