HUAWEI Security Vulnerabilities

CVE-2022-48488

Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.

CVE-2022-48489

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48490

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48491

Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.

CVE-2022-48492

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48493

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48494

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2022-48495

Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained.

CVE-2022-48496

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2022-48497

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48498

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48499

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48500

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48501

Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.

CVE-2022-48507

Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48508

Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.

CVE-2022-48509

Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.

CVE-2022-48510

Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.

CVE-2022-48511

Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.

CVE-2022-48512

Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

CVE-2022-48513

Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2022-48514

The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48515

Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48516

Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-48517

Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.

CVE-2022-48518

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which...

CVE-2022-48519

Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48520

Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48605

Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

CVE-2022-48606

Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.

CVE-2022-48613

Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.

CVE-2022-48615

An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information.

CVE-2022-48616

A Huawei data communication product has a command injection vulnerability. Successful exploitation of this vulnerability may allow attackers to gain higher privileges.

CVE-2023-0116

The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability.

CVE-2023-0117

The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.

CVE-2023-1691

Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-1692

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-1693

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-1694

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-1695

Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-1696

The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.

CVE-2023-26547

The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2023-26548

The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability.

CVE-2023-26549

The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-31225

The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.

CVE-2023-31226

The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-31227

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.

CVE-2023-34154

Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.

CVE-2023-34155

Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability.

CVE-2023-34156

Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.