HUAWEI Phone/Tablet Security Bulletins, September 2024

CVE-2023-52106 API permission checking vulnerability in DownloadProviderMain module Successful exploitation of this vulnerability may affect the integrity and availability of the service. Medium HarmonyOS3.1.0, EMUI 13.0.0

CVE-2024-42039 Access control vulnerability in SystemUI module Exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

CVE-2024-45441 Input Verification Vulnerability in System Module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

CVE-2024-45442 API permission checking vulnerability in DownloadProviderMain module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0

CVE-2024-45443 Directory traversal vulnerability in cust module Availability and confidentiality may be affected if this vulnerability is successfully exploited. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

CVE-2024-45444 WMS Module Access Permission Verification Vulnerability Successful exploitation of this vulnerability may result in service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

CVE-2024-45445 Unclosed or Unfreezed Resources vulnerability in the keystore module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0

CVE-2024-45446 Permission checking vulnerability in camera driver module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

CVE-2024-45447 Access control vulnerability in camera frame module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

CVE-2024-45448 Page Table Protection Configuration Vulnerability in Trusted Firmware Module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0

CVE-2024-45449 Permission Checking Vulnerability in Ringtone Settings Module Successful exploitation of this vulnerability may result in service confidentiality issues. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

CVE-2024-45450 Permission Control Vulnerability in Software Update Module Successful exploitation of this vulnerability may result in service confidentiality issues. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

CVE-2024-8298 Memory request vulnerability in memory management module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0