Huawei » Harmonyos » 2.0 : Security Vulnerabilities, CVEs,

Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart.

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem.

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.

The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.

The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability.

The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.

The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.

The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.

The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.

The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.

Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.

The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.

The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.

Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic.

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.

The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.

The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.