CVE-2021-40036

The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.

CVE-2021-46785

The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.

CVE-2022-37007

The chinadrm module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect the availability.

CVE-2022-22252

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

CVE-2022-29792

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-29795

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

CVE-2022-34743

The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-31756

The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-31758

The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-34736

The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability.

CVE-2021-46741

The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.

CVE-2022-29790

The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.

CVE-2022-44547

The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability.

CVE-2022-22254

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-29791

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

CVE-2021-40012

Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-46811

HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.

CVE-2022-31763

The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-34742

The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-37002

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.

CVE-2022-37006

Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service availability.

CVE-2022-31751

The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-39006

The MPTCP module has the race condition vulnerability. Successful exploitation of this vulnerability may cause the device to restart.

CVE-2022-48314

The Bluetooth module has a vulnerability of bypassing the user confirmation in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48356

The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.

CVE-2022-38999

The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

CVE-2022-44548

There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.

CVE-2022-44551

The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

CVE-2022-48353

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.

CVE-2021-22326

A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability.

CVE-2022-41583

The storage maintenance and debugging module has an array out-of-bounds read vulnerability.Successful exploitation of this vulnerability will cause incorrect statistics of this module.

CVE-2021-40010

The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution.

CVE-2021-40017

The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access.

CVE-2022-31759

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.

CVE-2022-44554

The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device.

CVE-2022-48349

The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.

CVE-2023-44093

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22376

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions.

CVE-2021-46812

The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity.

CVE-2021-46856

The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-41582

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.

CVE-2022-41591

The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.

CVE-2022-44563

There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality.

CVE-2022-46311

The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity.

CVE-2022-48357

Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.

CVE-2022-48359

The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-26547

The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-39004

The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks.

CVE-2022-39008

The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps.

CVE-2022-44549

The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality.