Vulnerabilities > CVE-2022-48297 - Improper Validation of Specified Quantity in Input vulnerability in Huawei Emui and Harmonyos

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

huawei

CWE-1284

NVD

Published: 2023-02-09

Updated: 2023-08-08

Summary

The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Emui 12.0.1 Huawei Harmonyos 2.0 Huawei Harmonyos 3.0.0	3

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474
https://consumer.huawei.com/en/support/bulletin/2023/2/