Huawei Magic Ui vulnerabilities

CVE-2021-40058 [HIGH] CWE-787 CVE-2021-40058: There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.

CVE-2021-40048 [HIGH] CWE-131 CVE-2021-40048: There is an incorrect buffer size calculation vulnerability in the video framework. Successful explo There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.

CVE-2021-40063 [HIGH] CVE-2021-40063: There is an improper access control vulnerability in the video module. Successful exploitation of th There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40047 [HIGH] CWE-401 CVE-2021-40047: There is a vulnerability of memory not being released after effective lifetime in the Bastet module. There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40055 [MEDIUM] CVE-2021-40055: There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Su There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-40059 [MEDIUM] CWE-276 CVE-2021-40059: There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vul There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-22432 [CRITICAL] CWE-119 CVE-2021-22432: There is a vulnerability when configuring permission isolation in smartphones. Successful exploitati There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22448 [CRITICAL] CVE-2021-22448: There is an improper verification vulnerability in smartphones. Successful exploitation of this vuln There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files.

CVE-2021-22394 [CRITICAL] CWE-120 CVE-2021-22394: There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerabili There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

CVE-2021-22431 [CRITICAL] CWE-119 CVE-2021-22431: There is a vulnerability when configuring permission isolation in smartphones. Successful exploitati There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22430 [CRITICAL] CVE-2021-22430: There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection.

CVE-2021-22434 [CRITICAL] CWE-119 CVE-2021-22434: There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of thi There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22426 [CRITICAL] CWE-119 CVE-2021-22426: There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerabilit There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22429 [CRITICAL] CWE-119 CVE-2021-22429: There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerabilit There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22433 [CRITICAL] CWE-119 CVE-2021-22433: There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerabilit There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22319 [HIGH] CWE-190 CVE-2021-22319: There is an improper verification vulnerability in smartphones. Successful exploitation of this vuln There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.

CVE-2021-22395 [HIGH] CWE-94 CVE-2021-22395: There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerabilit There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37027 [HIGH] CVE-2021-37027: There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affec There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-22489 [HIGH] CVE-2021-22489: There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affec There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22437 [HIGH] CWE-190 CVE-2021-22437: There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploi There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access.