Harmonyos Security Vulnerabilities
The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.
7.5CVSS
7.5AI Score
0.001EPSS
A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.
7.5CVSS
7.5AI Score
0.001EPSS
The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.
7.5CVSS
7.5AI Score
0.001EPSS
The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.
9.8CVSS
9.1AI Score
0.002EPSS
The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.
9.1CVSS
9AI Score
0.001EPSS
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
7.5CVSS
7.5AI Score
0.001EPSS
The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.
7.5CVSS
7.5AI Score
0.001EPSS
The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.
7.5CVSS
7.4AI Score
0.001EPSS
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
7.5CVSS
7.5AI Score
0.001EPSS
The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.
7.5CVSS
7.5AI Score
0.001EPSS
The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.
9.8CVSS
9.4AI Score
0.002EPSS
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
7.5CVSS
7.4AI Score
0.001EPSS
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
7.5CVSS
7.5AI Score
0.001EPSS
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.
5.5CVSS
5.4AI Score
0.0004EPSS
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.
5.5CVSS
5.5AI Score
0.0004EPSS
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.
5.5CVSS
5.5AI Score
0.0004EPSS
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
4.7CVSS
4.7AI Score
0.0004EPSS
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.
5.5CVSS
5.5AI Score
0.0004EPSS
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
9.1CVSS
9.1AI Score
0.002EPSS
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.
7.8CVSS
7.6AI Score
0.0004EPSS
The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.
5.5CVSS
5.5AI Score
0.0004EPSS
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
7.5CVSS
7.3AI Score
0.001EPSS
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.
7.5CVSS
7.3AI Score
0.001EPSS
The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality.
9.1CVSS
9.1AI Score
0.002EPSS
The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background.
7.5CVSS
7.5AI Score
0.001EPSS
The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.
7.5CVSS
7.6AI Score
0.002EPSS
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
6.5CVSS
6.7AI Score
0.001EPSS
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
6.5CVSS
6.7AI Score
0.001EPSS
The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.001EPSS
The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
The diag-router module has a vulnerability in intercepting excessive long and short instructions. Successful exploitation of this vulnerability will cause the diag-router module to crash.
7.5CVSS
7.4AI Score
0.001EPSS
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.
9.8CVSS
9.4AI Score
0.002EPSS
The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.
9.8CVSS
9.3AI Score
0.002EPSS
The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). Successful exploitation of this vulnerability may affect the availability.
7.5CVSS
7.5AI Score
0.001EPSS
The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.7AI Score
0.002EPSS
Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability.
7.5CVSS
7.5AI Score
0.001EPSS
The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability.
7.5CVSS
7.5AI Score
0.001EPSS
The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability.
7.5CVSS
7.5AI Score
0.001EPSS
The HwAirlink module has a heap overflow vulnerability.Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of sensitive data.
7.5CVSS
7.6AI Score
0.001EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.
9.8CVSS
9.4AI Score
0.002EPSS
The HwAirlink module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause information leakage.
7.5CVSS
7.3AI Score
0.002EPSS
The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.
9.8CVSS
9.3AI Score
0.001EPSS
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.
9.8CVSS
9.6AI Score
0.003EPSS