CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-37245
https://notcve.org/view.php?id=CVE-2023-37245
Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem. • https://consumer.huawei.com/en/support/bulletin/2023/7 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-37242
https://notcve.org/view.php?id=CVE-2023-37242
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities. • https://consumer.huawei.com/en/support/bulletin/2023/7 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46894
https://notcve.org/view.php?id=CVE-2021-46894
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation. • https://consumer.huawei.com/en/support/bulletin/2023/7 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 • CWE-269: Improper Privilege Management CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48512
https://notcve.org/view.php?id=CVE-2022-48512
Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally. • https://consumer.huawei.com/en/support/bulletin/2023/7 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 • CWE-122: Heap-based Buffer Overflow CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48508
https://notcve.org/view.php?id=CVE-2022-48508
Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity. • https://consumer.huawei.com/en/support/bulletin/2023/7 https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •