There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.

Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity.

Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.

FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service unavailable.

There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed.

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation.

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure.

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected products: Mate 20 X, versions earlier than Ever-AL00B 9.0.0.200(C00E200R2P1); Mate 20, versions earlier than Hima-AL00B/Hima-TL00B 9.0.0.200(C00E200R2P1); Honor Magic 2, versions earlier than Tony-AL00B/Tony-TL00B 9.0.0.182(C00E180R2P2).

Permission verification vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect availability

The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality.

Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.

Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.

Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.

There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC.

Vulnerability of system file information leakage in the USB Service module. Successful exploitation of this vulnerability may affect confidentiality.

Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally.

Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.

Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally.

Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart.

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection.

Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations.

The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. An unauthenticated attacker could start third-part input method APP through certain operations to bypass lock-screen by exploit this vulnerability.

Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an application with the authorization of phone state to obtain user location additionally.

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtained the Huawei ID bound to the watch can bypass permission verification to perform specific operations and modify some data on the watch.

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Access permission verification vulnerability in the ringtone setting module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality.

Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Permission control vulnerability in the package management module.Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability.

Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability.

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to function abnormally.

Permission control vulnerability in the Wi-Fi module Impact: Successful exploitation of this vulnerability may affect service confidentiality.