HarmonyOS Security Vulnerabilities

CVE-2022-31760

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and...

CVE-2021-46811

HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC)...

CVE-2021-46812

The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data...

CVE-2022-31757

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data...

CVE-2021-46814

The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system...

CVE-2022-31751

The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system...

CVE-2022-31755

The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system...

CVE-2022-31756

The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data...

CVE-2022-31762

The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege...

CVE-2022-31758

The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data...

CVE-2022-31759

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system...

CVE-2022-31763

The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system...

CVE-2022-22252

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system...

CVE-2022-22261

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI...

CVE-2021-46787

The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to...

CVE-2022-29789

The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI...

CVE-2022-29796

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI...

CVE-2022-29790

The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service...

CVE-2022-29792

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data...

CVE-2022-22260

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and...

CVE-2021-46785

The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device...

CVE-2021-46786

The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory...

CVE-2022-29791

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI...

CVE-2022-29793

There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application...

CVE-2022-29794

The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and...

CVE-2022-29795

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel...

CVE-2021-40065

The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data...

CVE-2022-22255

The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the...

CVE-2022-22256

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data...

CVE-2021-46740

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data...

CVE-2022-22257

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data...

CVE-2022-22254

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data...

CVE-2022-22253

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system...

CVE-2022-22258

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in...

CVE-2021-46742

The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the...

CVE-2021-40050

There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vulnerability may cause stack...

CVE-2021-40047

There is a vulnerability of memory not being released after effective lifetime in the Bastet module. Successful exploitation of this vulnerability may affect...

CVE-2021-40048

There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability will affect...

CVE-2021-40053

There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and...

CVE-2021-40052

There is an incorrect buffer size calculation vulnerability in the video framework.Successful exploitation of this vulnerability may affect...

CVE-2021-40063

There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect...

CVE-2021-40055

There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect...

CVE-2021-40064

There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system...

CVE-2021-40049

There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without...

CVE-2021-40061

There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect...

CVE-2021-40051

There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect...

CVE-2021-22479

The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful exploitation of this vulnerability may lead to kernel...

CVE-2021-22480

The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory...

CVE-2021-22489

There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service...

CVE-2021-22319

There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer...