Huawei Magic Ui vulnerabilities

CVE-2022-31760 [CRITICAL] CVE-2022-31760: Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

CVE-2022-31754 [HIGH] CVE-2022-31754: Logical defects in code implementation in some products. Successful exploitation of this vulnerabili Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features.

CVE-2022-31753 [HIGH] CWE-134 CVE-2022-31753: The voice wakeup module has a vulnerability of using externally-controlled format strings. Successfu The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31762 [HIGH] CWE-20 CVE-2022-31762: The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerabilit The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-31761 [HIGH] CVE-2022-31761: Configuration defects in the secure OS module. Successful exploitation of this vulnerability will af Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-31757 [HIGH] CVE-2022-31757: The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vuln The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-46814 [HIGH] CWE-125 CVE-2021-46814: The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.

CVE-2021-46813 [HIGH] CWE-212 CVE-2021-46813: Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.

CVE-2022-31755 [MEDIUM] CWE-281 CVE-2022-31755: The communication module has a vulnerability of improper permission preservation. Successful exploit The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31756 [MEDIUM] CVE-2022-31756: The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31759 [MEDIUM] CWE-824 CVE-2022-31759: AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vul AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31758 [MEDIUM] CWE-362 CVE-2022-31758: The kernel module has the race condition vulnerability. Successful exploitation of this vulnerabilit The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31751 [MEDIUM] CVE-2022-31751: The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability m The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.

CVE-2021-46811 [MEDIUM] CWE-276 CVE-2021-46811: HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnera HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.

CVE-2022-31752 [MEDIUM] CWE-862 CVE-2022-31752: Missing authorization vulnerability in the system components. Successful exploitation of this vulner Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-46786 [CRITICAL] CWE-119 CVE-2021-46786: The audio module has a vulnerability in verifying the parameters passed by the application space.Suc The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-22252 [HIGH] CWE-416 CVE-2022-22252: The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect syst The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

CVE-2021-46789 [HIGH] CVE-2021-46789: Configuration defects in the secure OS module. Successful exploitation of this vulnerability can aff Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability.

CVE-2021-46788 [HIGH] CVE-2021-46788: Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of t Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.

CVE-2022-29793 [HIGH] CVE-2022-29793: There is a configuration defect in the activation lock of mobile phones.Successful exploitation of t There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.