Vulnerabilities > Huawei > Harmonyos > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-10-14 CVE-2022-38983 Use After Free vulnerability in Huawei Emui and Harmonyos
The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.
network
low complexity
huawei CWE-416
critical
 9.8
9.8
2022-10-14 CVE-2022-38982 Unspecified vulnerability in Huawei Harmonyos 2.0
The fingerprint module has service logic errors.Successful exploitation of this vulnerability will cause the phone lock to be cracked.
network
low complexity
huawei
critical
 9.8
9.8
2022-10-14 CVE-2022-38980 Out-of-bounds Write vulnerability in Huawei Harmonyos 2.0/2.1
The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol.Successful exploitation of this vulnerability may allow attackers to obtain process control permissions.
network
low complexity
huawei CWE-787
critical
 9.8
9.8
2022-10-14 CVE-2021-46840 Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos
The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
network
low complexity
huawei CWE-125
critical
 9.1
9.1
2022-10-14 CVE-2021-46839 Out-of-bounds Read vulnerability in Huawei Emui and Harmonyos
The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
network
low complexity
huawei CWE-125
critical
 9.1
9.1
2022-09-16 CVE-2022-39009 Improper Authentication vulnerability in Huawei Emui and Harmonyos
The WLAN module has a vulnerability in permission verification.
network
low complexity
huawei CWE-287
critical
 9.8
9.8
2022-09-16 CVE-2022-39008 Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
The NFC module has bundle serialization/deserialization vulnerabilities.
network
low complexity
huawei CWE-502
critical
 9.1
9.1
2022-09-16 CVE-2022-39007 Unspecified vulnerability in Huawei Emui and Harmonyos
The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.
network
low complexity
huawei
critical
 9.8
9.8
2022-09-16 CVE-2022-39002 Double Free vulnerability in Huawei Emui, Harmonyos and Magic UI
Double free vulnerability in the storage module.
network
low complexity
huawei CWE-415
critical
 9.8
9.8
2022-09-16 CVE-2022-39000 Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI
The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.
network
low complexity
huawei
critical
 9.8
9.8