Harmonyos Security Vulnerabilities
The HIPP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.
7.5CVSS
7.3AI Score
0.002EPSS
The facial recognition module has a vulnerability in input validation.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.
9.1CVSS
8.8AI Score
0.002EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The HISP module has a vulnerability of not verifying the data transferred in the kernel space.Successful exploitation of this vulnerability will cause out-of-bounds read, which affects data confidentiality.
7.5CVSS
7.3AI Score
0.002EPSS
The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.
9.8CVSS
9.4AI Score
0.002EPSS
The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.
9.8CVSS
9.3AI Score
0.002EPSS
The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.
7.5CVSS
7.4AI Score
0.002EPSS
Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice.
9.8CVSS
9.3AI Score
0.002EPSS
The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.
7.5CVSS
7.5AI Score
0.001EPSS
The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.
7.5CVSS
7.5AI Score
0.001EPSS
The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.
5.9CVSS
5.6AI Score
0.001EPSS
The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.
9.8CVSS
9.4AI Score
0.002EPSS
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.
9.1CVSS
9.1AI Score
0.003EPSS
The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.
9.8CVSS
9.2AI Score
0.002EPSS
The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information.
7.5CVSS
7.4AI Score
0.002EPSS
The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.
7.5CVSS
7.3AI Score
0.001EPSS
The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.
7.8CVSS
7.5AI Score
0.0004EPSS
The kernel server has a vulnerability of not verifying the length of the data transferred in the user space.Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel, which affects the device confidentiality and availability.
7.1CVSS
6.6AI Score
0.0004EPSS
The MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.
9.8CVSS
9.7AI Score
0.002EPSS
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
9.8CVSS
9.3AI Score
0.002EPSS
The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
9.1CVSS
9.1AI Score
0.002EPSS
The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.
7.5CVSS
7.5AI Score
0.001EPSS
The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.
7.5CVSS
7.5AI Score
0.001EPSS
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
7.8CVSS
7.4AI Score
0.0004EPSS
The kernel module has an out-of-bounds read vulnerability.Successful exploitation of this vulnerability may cause memory overwriting.
7.8CVSS
7.4AI Score
0.0004EPSS
The communication framework module has a vulnerability of not truncating data properly.Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The home screen module has a vulnerability in service logic processing.Successful exploitation of this vulnerability may affect data integrity.
7.5CVSS
7.5AI Score
0.001EPSS
The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling.Successful exploitation of this vulnerability affects system services and device availability.
7.5CVSS
7.4AI Score
0.001EPSS
Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability.
5.5CVSS
5.7AI Score
0.0004EPSS
The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.
7.5CVSS
7.4AI Score
0.002EPSS
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
3.4CVSS
4.5AI Score
0.0004EPSS
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
3.4CVSS
4.5AI Score
0.0004EPSS
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
3.4CVSS
4.5AI Score
0.0004EPSS
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
3.4CVSS
4.5AI Score
0.0004EPSS
The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.
7.5CVSS
7.5AI Score
0.001EPSS
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
3.4CVSS
4.5AI Score
0.0004EPSS
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
3.4CVSS
4.5AI Score
0.0004EPSS
The system service has a vulnerability that causes incorrect return values. Successful exploitation of this vulnerability may affect data confidentiality.
7.5CVSS
7.5AI Score
0.002EPSS
The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA).Successful exploitation of this vulnerability may affect the fingerprint service.
3.4CVSS
4.5AI Score
0.0004EPSS