Known Vulnerabilities
CVE-2024-56449
Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-56448
Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-56447
Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-56442
Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2024-56441
Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52955
Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-52954
Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2023-52953
Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-54101
Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54100
Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2024-54098
Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2024-54097
Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity.
CVE-2024-54096
Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy.
CVE-2024-51527
Permission control vulnerability in the Gallery app Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-47294
Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-47292
Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-47291
Permission vulnerability in the ActivityManagerService (AMS) module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-47290
Input validation vulnerability in the USB service module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-45449
Access permission verification vulnerability in the ringtone setting module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45447
Access control vulnerability in the camera framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45446
Access permission verification vulnerability in the camera driver module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-45444
Access permission verification vulnerability in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45441
Input verification vulnerability in the system service module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-42039
Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-45450
Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-42037
Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-42034
LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-42033
Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-42032
Access permission verification vulnerability in the Contacts module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-42031
Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-7265
Permission verification vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect availability
CVE-2023-7271
Privilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-39670
Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-39674
Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-39673
Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-36503
Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-36502
Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-36501
Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity.
CVE-2024-36499
Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-32999
Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32998
NULL pointer access vulnerability in the clock module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32997
Race condition vulnerability in the binder driver module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32996
Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32995
Denial of service (DoS) vulnerability in the AMS module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52719
Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-32993
Out-of-bounds access vulnerability in the memory module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32992
Insufficient verification vulnerability in the baseband module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32991
Permission verification vulnerability in the wpa_supplicant module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-32990
Permission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-27897
Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52554
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52553
Race condition vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52551
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52550
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52549
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52544
Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52359
Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52543
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52542
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52541
Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52540
Vulnerability of improper authentication in the Iaware module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52539
Permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52538
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52537
Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52388
Permission control vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52717
Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52716
Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52714
Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52713
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2024-30418
Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-30417
Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-30416
Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-30415
Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2022-48621
Vulnerability of missing authentication for critical functions in the Wi-Fi module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52381
Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2023-52380
Vulnerability of improper access control in the email module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52379
Permission control vulnerability in the calendarProvider module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52377
Vulnerability of input data not being verified in the cellular data module.Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2023-52376
Information management vulnerability in the Gallery module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52375
Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability.
CVE-2023-52373
Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing.
CVE-2023-52372
Vulnerability of input parameter verification in the motor module.Successful exploitation of this vulnerability may affect availability.
CVE-2023-52371
Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.
CVE-2023-52370
Stack overflow vulnerability in the network acceleration module.Successful exploitation of this vulnerability may cause unauthorized file access.
CVE-2023-52369
Stack overflow vulnerability in the NFC module.Successful exploitation of this vulnerability may affect service availability and integrity.
CVE-2023-52368
Input verification vulnerability in the account module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-52367
Vulnerability of improper access control in the media library module.Successful exploitation of this vulnerability may affect service availability and integrity.
CVE-2023-52366
Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-52365
Out-of-bounds read vulnerability in the smart activity recognition module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-52363
Vulnerability of defects introduced in the design process in the Control Panel module.Successful exploitation of this vulnerability may cause app processes to be started by mistake.
CVE-2023-52360
Logic vulnerabilities in the baseband.Successful exploitation of this vulnerability may affect service integrity.
CVE-2023-52358
Vulnerability of configuration defects in some APIs of the audio module.Successful exploitation of this vulnerability may affect availability.
CVE-2023-52357
Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.
CVE-2023-52097
Vulnerability of foreground service restrictions being bypassed in the NMS module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52102
Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52101
Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity.
CVE-2023-52099
Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52098
Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.
CVE-2023-52108
Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.
CVE-2023-52107
Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-52116
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.
CVE-2023-52114
Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.
CVE-2023-44112
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-52113
launchAnyWhere vulnerability in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.
CVE-2023-52112
Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-6273
Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-49240
Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49239
Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49246
Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49245
Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49243
Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49242
Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49241
API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44099
Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption.
CVE-2023-49248
Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access.
CVE-2023-49247
Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-46759
Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-46758
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.
CVE-2023-46756
Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.
CVE-2023-46755
Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.
CVE-2023-46764
Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.
CVE-2023-46763
Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.
CVE-2023-46765
Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.
CVE-2022-48613
Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.
CVE-2023-46771
Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44115
Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-46770
Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones.
CVE-2023-5801
Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2023-44108
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-44105
Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-44119
Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.
CVE-2023-44118
Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2023-44116
Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.
CVE-2023-44111
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44106
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-44104
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44103
Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44100
Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44094
Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-44109
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44096
Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44093
Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2022-48606
Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.
CVE-2023-4565
Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.
CVE-2023-41310
Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.
CVE-2023-41309
Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.
CVE-2023-41308
Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-41307
Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability.
CVE-2023-41306
Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.
CVE-2023-41305
Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-41303
Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.
CVE-2023-41302
Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-41301
Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-41300
Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
CVE-2023-41297
Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.
CVE-2023-41296
Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.
CVE-2023-39409
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
CVE-2023-39408
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
CVE-2021-46895
Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.
CVE-2023-39403
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39402
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39401
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39400
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39399
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39398
Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39395
Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability.
CVE-2023-39391
Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-39387
Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.
CVE-2023-39385
Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.
CVE-2023-39384
Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-39383
Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security.
CVE-2023-39382
Input verification vulnerability in the audio module. Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.
CVE-2023-39381
Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-39405
Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.
CVE-2023-39389
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
CVE-2023-39388
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability.
CVE-2022-48520
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48519
Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48518
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.
CVE-2023-1695
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-1691
Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2022-48517
Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.
CVE-2022-48516
Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-48515
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2022-48513
Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2021-46892
Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2022-48511
Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.
CVE-2022-48510
Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.
CVE-2022-48509
Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.
CVE-2022-48507
Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-3456
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-37245
Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem.
CVE-2023-37242
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.
CVE-2021-46894
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.
CVE-2022-48512
Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.
CVE-2022-48508
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-46893
Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.
CVE-2021-46891
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2021-46890
Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2022-48486
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48495
Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained.
CVE-2022-48499
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48488
Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.
CVE-2022-48487
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48491
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.
CVE-2022-48500
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48494
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48497
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2023-34161
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-34166
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.
CVE-2023-34158
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-34167
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-34160
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
CVE-2023-34163
Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-34156
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.
CVE-2022-48493
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48496
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
CVE-2022-48498
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48492
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48501
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48489
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2022-48490
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
CVE-2023-0116
The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability.
CVE-2023-31225
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.
CVE-2021-46884
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46885
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46883
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46881
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46886
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2021-46882
The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.
CVE-2023-1696
The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.
CVE-2023-1692
The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48314
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48313
The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48312
The HwPCAssistant module has the out-of-bounds read/write vulnerability. Successful exploitation of this vulnerability may affect confidentiality and integrity.
CVE-2022-48359
The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48356
The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.
CVE-2022-48357
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.
CVE-2022-48354
The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.
CVE-2022-48355
The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.
CVE-2022-48360
The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48346
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48349
The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.
CVE-2022-48353
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.
CVE-2022-48291
The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48352
Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic.
CVE-2023-26547
The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-48351
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.
CVE-2023-26549
The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-26548
The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability.
CVE-2022-48292
The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48301
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.
CVE-2022-48302
The AMS module has a vulnerability of lacking permission verification in APIs.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48296
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.
CVE-2022-48293
The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48300
The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48294
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-48295
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).
CVE-2022-48287
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity.
CVE-2022-48286
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46761
The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons.
CVE-2022-47975
The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-47974
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart.
CVE-2022-47976
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections.
CVE-2021-46868
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
CVE-2021-46867
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
CVE-2022-46762
The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46318
The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings.
CVE-2021-46856
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-41596
The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.
CVE-2022-41591
The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.
CVE-2022-41599
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46315
The ProfileSDK has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-46317
The power consumption module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-46312
The application management module has a vulnerability in permission verification. Successful exploitation of this vulnerability causes unexpected clear of device applications.
CVE-2022-46325
Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-46321
The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46326
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-46320
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2022-46327
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.
CVE-2022-46322
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-46328
Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46323
Some smartphones have the out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-46319
Fingerprint calibration has a vulnerability of lacking boundary judgment. Successful exploitation of this vulnerability may cause out-of-bounds write.
CVE-2022-46324
Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions.
CVE-2022-44555
The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.
CVE-2021-46851
The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.
CVE-2021-46852
The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-44554
The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.
CVE-2022-44563
There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-44546
The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart.
CVE-2022-44560
The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified.
CVE-2022-44559
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-44551
The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
CVE-2022-44548
There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.
CVE-2022-44558
The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-44553
The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically.
CVE-2022-44557
The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-44549
The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.
CVE-2022-44561
The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.
CVE-2022-44547
The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.
CVE-2022-44550
The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-44562
The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-41580
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-41581
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-41586
The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-41589
The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.
CVE-2022-41602
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41600
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41576
The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.
CVE-2022-41577
The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability.
CVE-2022-41597
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41593
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-39011
The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.
CVE-2021-46840
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-41584
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2021-46839
The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-41603
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41585
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
CVE-2022-41601
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41582
The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.
CVE-2022-41578
The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.
CVE-2022-38984
The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.
CVE-2022-41598
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41588
The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.
CVE-2022-41583
The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.
CVE-2022-38983
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.
CVE-2022-41595
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-41594
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2022-38998
The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.
CVE-2022-38986
The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.
CVE-2022-38985
The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-41592
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
CVE-2021-40019
Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2021-40023
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-39010
The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.
CVE-2022-39009
The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.
CVE-2022-39001
The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.
CVE-2022-39007
The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-38999
The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.
CVE-2022-38997
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38996
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-38995
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-38994
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38992
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38991
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38979
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38978
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-38989
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-38988
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-39005
The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.
CVE-2022-39004
The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.
CVE-2022-38987
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-39006
The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.
CVE-2022-38993
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-38990
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-39000
The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.
CVE-2021-46836
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-40024
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-39008
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.
CVE-2021-40030
The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-37005
The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-37003
The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.
CVE-2022-37004
The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability.
CVE-2022-37002
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.
CVE-2022-37008
The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability.
CVE-2022-37007
The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability.
CVE-2021-40034
The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability.
CVE-2021-40016
Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40013
Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity.
CVE-2021-40012
Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-34738
The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background.
CVE-2022-34737
The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
CVE-2022-34742
The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-34739
The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.
CVE-2022-34741
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
CVE-2022-34740
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
CVE-2022-34743
The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-34736
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
CVE-2022-34735
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
CVE-2021-46741
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.
CVE-2022-31752
Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-31754
Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features.
CVE-2021-46811
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.
CVE-2022-31753
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31757
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-46812
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.
CVE-2022-31760
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
CVE-2022-31762
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-31759
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31755
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31756
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-31751
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31758
The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-31763
The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.
CVE-2021-46814
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-29796
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
CVE-2022-29795
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
CVE-2022-29794
The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.
CVE-2022-29792
The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-29791
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
CVE-2022-29790
The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.
CVE-2022-29789
The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.
CVE-2022-22261
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
CVE-2022-22260
The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.
CVE-2021-46788
Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.
CVE-2021-46787
The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.
CVE-2021-46786
The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2021-46785
The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.
CVE-2021-40065
The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-46740
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-22253
The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.
CVE-2021-46742
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.
CVE-2022-22254
A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-22255
The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.
CVE-2022-22256
The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-22257
The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.
CVE-2021-40047
There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40048
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect availability.
CVE-2021-40049
There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.
CVE-2021-40050
There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack overflow.
CVE-2021-40051
There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40054
There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40055
There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40059
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40061
There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40063
There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40064
There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.
CVE-2021-40044
There is a permission verification vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may cause unauthorized operations.
CVE-2021-39997
There is a vulnerability of unstrict input parameter verification in the audio assembly.Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2021-39994
There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2021-39992
There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.
CVE-2021-37107
There is an improper memory access permission configuration on ACPU.Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2021-37109
There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure.
CVE-2021-37115
There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-39986
There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-39991
There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-40032
The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-40027
The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-40014
The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-40039
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40038
There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40037
There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
CVE-2021-40035
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
CVE-2021-40031
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40029
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
CVE-2021-40026
There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40009
There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40006
Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.