Huawei Magic Ui vulnerabilities

CVE-2021-46787 [HIGH] CVE-2021-46787: The AMS module has a vulnerability of improper permission control.Successful exploitation of this vu The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.

CVE-2022-22258 [CRITICAL] CVE-2022-22258: The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerabili The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.

CVE-2021-46742 [CRITICAL] CVE-2021-46742: The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secu The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.

CVE-2022-22253 [HIGH] CWE-354 CVE-2022-22253: The DFX module has a vulnerability of improper validation of integrity check values.Successful explo The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22254 [HIGH] CVE-2022-22254: A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-40065 [HIGH] CVE-2021-40065: The communication module has a service logic error vulnerability.Successful exploitation of this vul The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-22256 [HIGH] CVE-2022-22256: The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-22257 [HIGH] CWE-269 CVE-2022-22257: The customization framework has a vulnerability of improper permission control.Successful exploitati The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

CVE-2021-40050 [CRITICAL] CWE-125 CVE-2021-40050: There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vul There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.

CVE-2021-40053 [CRITICAL] CWE-276 CVE-2021-40053: There is a permission control vulnerability in the Nearby module.Successful exploitation of this vul There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity.

CVE-2021-40056 [HIGH] CWE-120 CVE-2021-40056: There is a vulnerability of copying input buffer without checking its size in the video framework. S There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40062 [HIGH] CWE-120 CVE-2021-40062: There is a vulnerability of copying input buffer without checking its size in the video framework. S There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40049 [HIGH] CWE-276 CVE-2021-40049: There is a permission control vulnerability in the PMS module. Successful exploitation of this vulne There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.

CVE-2021-40054 [HIGH] CWE-191 CVE-2021-40054: There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of th There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40057 [HIGH] CWE-787 CVE-2021-40057: There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successf There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40061 [HIGH] CWE-843 CVE-2021-40061: There is a vulnerability of accessing resources using an incompatible type (type confusion) in the B There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40060 [HIGH] CWE-787 CVE-2021-40060: There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40064 [HIGH] CWE-787 CVE-2021-40064: There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.

CVE-2021-40051 [HIGH] CVE-2021-40051: There is an unauthorized access vulnerability in system components. Successful exploitation of this There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40052 [HIGH] CWE-131 CVE-2021-40052: There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploi There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect availability.