HarmonyOS Security Vulnerabilities

CVE-2022-39001

The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data...

CVE-2022-39000

The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system...

CVE-2022-39009

The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN...

CVE-2021-40024

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data...

CVE-2022-38979

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data...

CVE-2022-38997

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data...

CVE-2022-39008

The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system...

CVE-2022-39007

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege...

CVE-2022-39010

The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network...

CVE-2021-46836

Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data...

CVE-2022-38988

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data...

CVE-2022-38994

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data...

CVE-2022-38987

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system...

CVE-2022-38991

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data...

CVE-2022-38993

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system...

CVE-2022-38992

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data...

CVE-2022-39002

Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed...

CVE-2022-39006

The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to...

CVE-2022-38978

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data...

CVE-2022-38989

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system...

CVE-2022-38990

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system...

CVE-2022-38995

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system...

CVE-2022-38996

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system...

CVE-2022-38999

The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and...

CVE-2022-39004

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory...

CVE-2022-39005

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory...

CVE-2022-37002

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the...

CVE-2022-37007

The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the...

CVE-2022-37001

The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to...

CVE-2022-37004

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the...

CVE-2022-37005

The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data...

CVE-2022-37008

The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system...

CVE-2022-37006

Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service...

CVE-2022-37003

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to...

CVE-2021-40034

The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the...

CVE-2021-40040

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect...

CVE-2021-40030

The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data...

CVE-2021-46741

The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system...

CVE-2021-40012

Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect...

CVE-2022-34740

The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and...

CVE-2022-34735

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel...

CVE-2022-34739

The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address...

CVE-2022-34737

The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and...

CVE-2022-34736

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel...

CVE-2022-34741

The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and...

CVE-2022-34743

The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system...

CVE-2022-34738

The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the...

CVE-2022-34742

The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data...

CVE-2021-40036

The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code...

CVE-2022-31753

The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system...