HUAWEI Security Vulnerabilities

CVE-2023-41294

The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services.

CVE-2023-41295

Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim.

CVE-2023-41296

Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality.

CVE-2023-41297

Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking.

CVE-2023-41298

Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41299

DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-41300

Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-41301

Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-41302

Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-41303

Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.

CVE-2023-41304

Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

CVE-2023-41305

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41306

Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.

CVE-2023-41307

Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability.

CVE-2023-41308

Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41309

Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability.

CVE-2023-41310

Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.

CVE-2023-41311

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically.

CVE-2023-41312

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically.

CVE-2023-44093

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44094

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44095

Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash.

CVE-2023-44096

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44097

Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44098

Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44099

Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption.

CVE-2023-44100

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44101

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-44102

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

CVE-2023-44103

Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44104

Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44105

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44106

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44107

Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-44108

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44109

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44110

Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability.

CVE-2023-44111

Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44112

Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-44113

Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44114

Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44115

Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44116

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVE-2023-44117

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44118

Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-44119

Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability.

CVE-2023-4565

Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

CVE-2023-4566

Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46755

Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.

CVE-2023-46756

Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.