Security Vulnerabilities by psirt@huawei.com

Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access.

Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.

Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality.

Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality.

Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality.

API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality.

Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.

Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.

Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation.

Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data.

Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.

Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones.

Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability.

Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.

Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.

Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.

Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.