Known Vulnerabilities
CVE-2021-46885
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2022-48480
Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-46886
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46887
Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-46882
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46881
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46884
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46883
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2020-36601
Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot.
CVE-2020-36600
Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.
CVE-2022-38997
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38979
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38978
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-40030
The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-37004
The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability.
CVE-2022-37002
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.
CVE-2021-40034
The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability.
CVE-2021-40016
Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40013
Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity.
CVE-2022-34738
The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background.
CVE-2022-34737
The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
CVE-2022-34742
The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-34739
The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.
CVE-2022-34743
The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.
CVE-2021-46741
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.
CVE-2022-31752
Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-31754
Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features.
CVE-2021-46811
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.
CVE-2022-31753
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31757
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-31760
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
CVE-2022-31762
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-31759
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31755
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31756
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-31751
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31758
The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-46814
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
CVE-2021-46788
Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.
CVE-2021-46787
The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.
CVE-2022-22253
The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.
CVE-2021-46742
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.
CVE-2022-22254
A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-22256
The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-22257
The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.
CVE-2021-40047
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40048
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.
CVE-2021-40049
There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.
CVE-2021-40050
There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.
CVE-2021-40051
There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40054
There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40055
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40056
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.
CVE-2021-40057
There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
CVE-2021-40058
There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
CVE-2021-40059
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40060
There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
CVE-2021-40061
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40062
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.
CVE-2021-40063
There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40064
There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.
CVE-2021-37103
There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22429
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2021-22432
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2021-22430
There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability may cause code injection.
CVE-2021-22426
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2021-22431
There is a vulnerability when configuring permission isolation in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2021-22433
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2021-22434
There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2021-22394
There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.
CVE-2021-22395
There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22319
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.
CVE-2021-37027
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-22489
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22448
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause unauthorized read and write of some files.
CVE-2021-22437
There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access.
CVE-2021-40044
There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations.
CVE-2021-40037
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
CVE-2021-40035
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
CVE-2021-40029
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
CVE-2021-40020
There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-39974
There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-39969
There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-39966
There is an Uninitialized AOD driver structure in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-39967
There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37133
There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37119
There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-37117
There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-37113
There is a Privilege escalation vulnerability with the file system component in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37111
There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion.
CVE-2021-37097
There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart.
CVE-2021-37092
There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected.
CVE-2021-37075
There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected.
CVE-2021-37053
There is a Service logic vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-37045
There is an UAF vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.
CVE-2021-37056
There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information.
CVE-2021-37042
There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-37041
There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-37034
There is an Unstandardized field names in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37032
There is a Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Digital Balance to fail to work.
CVE-2021-37030
There is an Improper permission vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22490
There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance.
CVE-2021-22473
There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22406
There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly.
CVE-2021-22404
There is a Directory traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22403
There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
CVE-2021-22447
There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22446
There is an Information Disclosure Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22445
There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22444
There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause code injection.
CVE-2021-22443
There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random address access.
CVE-2021-22442
There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22392
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.
CVE-2021-22391
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22387
There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to remotely execute commands.