Emui Security Vulnerabilities

CVE-2021-46851

The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitation of this vulnerability may cause abnormal video playback.

CVE-2021-46852

The memory management module has the logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-46856

The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2021-46867

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2021-46868

The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2021-46881

The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46882

The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46883

The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46884

The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46885

The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46886

The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.

CVE-2021-46887

Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-46890

Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46891

Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46892

Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-46893

Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.

CVE-2021-46894

Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.

CVE-2021-46895

Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.

CVE-2022-22252

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22253

The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22254

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-22255

The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.

CVE-2022-22256

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-22257

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

CVE-2022-22258

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.

CVE-2022-22260

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.

CVE-2022-22261

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29789

The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29790

The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.

CVE-2022-29791

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-29792

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-29793

There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.

CVE-2022-29794

The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.

CVE-2022-29795

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

CVE-2022-29796

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2022-31751

The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31752

Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-31753

The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31754

Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features.

CVE-2022-31755

The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31756

The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31757

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31758

The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31759

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31760

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

CVE-2022-31761

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-31762

The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-31763

The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-34735

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

CVE-2022-34736

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.