Huawei Magic Ui vulnerabilities

CVE-2021-37103 [MEDIUM] CWE-276 CVE-2021-37103: There is an improper permission management vulnerability in the Wallet apps. Successful exploitation There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-40044 [HIGH] CVE-2021-40044: There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations.

CVE-2021-40045 [MEDIUM] CWE-347 CVE-2021-40045: There is a vulnerability of signature verification mechanism failure in system upgrade through recov There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-40015 [MEDIUM] CWE-362 CVE-2021-40015: There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful expl There is a race condition vulnerability in the binder driver subsystem in the kernel.Successful exploitation of this vulnerability may affect kernel stability.

CVE-2021-40010 [CRITICAL] CWE-787 CVE-2021-40010: The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution.

CVE-2021-39993 [CRITICAL] CWE-190 CVE-2021-39993: There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-39996 [CRITICAL] CWE-787 CVE-2021-39996: There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful e There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.

CVE-2021-40035 [HIGH] CWE-120 CVE-2021-40035: There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.

CVE-2021-40026 [HIGH] CWE-787 CVE-2021-40026: There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exp There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40031 [HIGH] CWE-476 CVE-2021-40031: There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40038 [HIGH] CWE-415 CVE-2021-40038: There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of th There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40011 [HIGH] CWE-400 CVE-2021-40011: There is an uncontrolled resource consumption vulnerability in the display module. Successful exploi There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-39998 [HIGH] CVE-2021-39998: There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExServi There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.

CVE-2021-40029 [HIGH] CWE-120 CVE-2021-40029: There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.

CVE-2021-40020 [HIGH] CWE-125 CVE-2021-40020: There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Su There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-40039 [HIGH] CWE-476 CVE-2021-40039: There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40009 [MEDIUM] CWE-787 CVE-2021-40009: There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitat There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40037 [MEDIUM] CWE-843 CVE-2021-40037: There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the M There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.

CVE-2021-37121 [CRITICAL] CVE-2021-37121: There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may ele There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.

CVE-2021-37120 [CRITICAL] CWE-415 CVE-2021-37120: There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.