Harmonyos
Monthly
Design defect in HarmonyOS's 'Expedition mode' allows a high-privileged local attacker, with user interaction, to cause significant availability disruption and minor integrity impact. Reported by Huawei in its July 2026 security bulletin, the vulnerability carries a CVSS 3.1 base score of 4.8, reflecting constrained exploitability due to local access, high privilege, and required user interaction. No public exploit code has been identified, and the flaw does not appear in the CISA KEV catalog. Notably, the 'Information Disclosure' tag associated with this CVE is inconsistent with the CVSS confidentiality metric of C:N - this discrepancy should be verified against the vendor advisory.
Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Permission bypass in the HarmonyOS card module allows a local, unprivileged user - with required user interaction - to circumvent access controls, resulting in high availability impact alongside limited confidentiality and integrity exposure. The vulnerability affects Huawei HarmonyOS across all tracked versions per CPE data and is documented in Huawei's July 2026 security bulletin. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk constrained to local attack scenarios.
Out-of-bounds read in HarmonyOS's image codec module allows a local attacker to cause service availability disruption, with the vendor description also noting potential confidentiality impact - a discrepancy with the CVSS C:N metric that warrants attention. All versions of Huawei HarmonyOS across consumer devices, vision products, wearables, and laptops are identified as affected per the July 2026 Huawei Security Bulletin. No public exploit code has been identified at time of analysis, and the medium CVSS score of 4.0 with a local attack vector limits real-world exploitation to scenarios with physical or local access to the target device.
Out-of-bounds read in HarmonyOS's image codec module exposes partial memory contents to local attackers, affecting service confidentiality with a secondary availability impact. The CVSS vector (AV:L/PR:N) scopes exploitation to the local device - reachable by any installed application capable of submitting image data to the vulnerable codec - without requiring elevated privileges. No confirmed active exploitation (not listed in CISA KEV) and no public exploit code have been identified at time of analysis; Huawei has published remediation bulletins across four device categories in July 2026.
Out-of-bounds read in HarmonyOS's image codec module exposes limited memory content and may cause service instability, affecting confidentiality and availability at a low severity level. The flaw resides in image processing logic and is reachable by a local, unprivileged actor who can trigger image decoding - such as by supplying a crafted image file. No public exploit has been identified at time of analysis, and Huawei has disclosed patches via July 2026 security bulletins covering consumer devices, wearables, and laptops.
Out-of-bounds read in HarmonyOS's image codec module can be triggered locally, with potential impact to service confidentiality and availability. Huawei disclosed this via its July 2026 security bulletin family covering consumer devices, vision products, wearables, and laptops - indicating broad exposure across the HarmonyOS device ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA's KEV catalog.
Out-of-bounds read in the HarmonyOS image codec module allows a local unprivileged user to disrupt service availability on affected Huawei devices. Huawei's own bulletin language references potential confidentiality impact, but the NVD CVSS vector assigns C:N and A:L only - a discrepancy that warrants attention. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk low despite the wide device footprint across Huawei phones, wearables, and laptops.
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.6 MEDIUM]
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 7.1 HIGH]
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]
Auth bypass in device authentication module.
Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]
Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.1).
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 5.9).
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]
Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.3).
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.9 MEDIUM]
Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 4.8 MEDIUM]
Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]
Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]
Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.9 MEDIUM]
Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 6.2 MEDIUM]
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.1 MEDIUM]
Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function. [CVSS 7.8 HIGH]
Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 5.7).
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.1 MEDIUM]
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.7 MEDIUM]
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.7 MEDIUM]
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]
Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]
App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.
Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.
CVE-2025-66323 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
UAF vulnerability in the USB driver module. Rated medium severity (CVSS 5.8). No vendor patch available.
Vulnerability of improper criterion security check in the call module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Identity authentication bypass vulnerability in the Gallery app. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the Settings module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Configuration defect vulnerability in the file management module. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the memory management module. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Denial of service (DoS) vulnerability in the office service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the Notepad module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
DoS vulnerability in the video-related system service module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the Wi-Fi module. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Permission control vulnerability in the App Lock module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Permission control vulnerability in the distributed component. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the startup recovery module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
UAF vulnerability in the screen recording framework module. Rated medium severity (CVSS 6.4). No vendor patch available.
UAF vulnerability in the screen recording framework module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the print module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Race condition vulnerability in the device standby module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Design defect in HarmonyOS's 'Expedition mode' allows a high-privileged local attacker, with user interaction, to cause significant availability disruption and minor integrity impact. Reported by Huawei in its July 2026 security bulletin, the vulnerability carries a CVSS 3.1 base score of 4.8, reflecting constrained exploitability due to local access, high privilege, and required user interaction. No public exploit code has been identified, and the flaw does not appear in the CISA KEV catalog. Notably, the 'Information Disclosure' tag associated with this CVE is inconsistent with the CVSS confidentiality metric of C:N - this discrepancy should be verified against the vendor advisory.
Permission control bypass in the Settings module of Huawei HarmonyOS and EMUI exposes sensitive service data to unauthorized local actors. A locally-installed application without elevated privileges can exploit the flaw (CWE-200) during user interaction with the Settings UI to read confidential configuration or service data - with a CVSS-rated High confidentiality impact (C:H). No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Permission bypass in the HarmonyOS card module allows a local, unprivileged user - with required user interaction - to circumvent access controls, resulting in high availability impact alongside limited confidentiality and integrity exposure. The vulnerability affects Huawei HarmonyOS across all tracked versions per CPE data and is documented in Huawei's July 2026 security bulletin. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk constrained to local attack scenarios.
Out-of-bounds read in HarmonyOS's image codec module allows a local attacker to cause service availability disruption, with the vendor description also noting potential confidentiality impact - a discrepancy with the CVSS C:N metric that warrants attention. All versions of Huawei HarmonyOS across consumer devices, vision products, wearables, and laptops are identified as affected per the July 2026 Huawei Security Bulletin. No public exploit code has been identified at time of analysis, and the medium CVSS score of 4.0 with a local attack vector limits real-world exploitation to scenarios with physical or local access to the target device.
Out-of-bounds read in HarmonyOS's image codec module exposes partial memory contents to local attackers, affecting service confidentiality with a secondary availability impact. The CVSS vector (AV:L/PR:N) scopes exploitation to the local device - reachable by any installed application capable of submitting image data to the vulnerable codec - without requiring elevated privileges. No confirmed active exploitation (not listed in CISA KEV) and no public exploit code have been identified at time of analysis; Huawei has published remediation bulletins across four device categories in July 2026.
Out-of-bounds read in HarmonyOS's image codec module exposes limited memory content and may cause service instability, affecting confidentiality and availability at a low severity level. The flaw resides in image processing logic and is reachable by a local, unprivileged actor who can trigger image decoding - such as by supplying a crafted image file. No public exploit has been identified at time of analysis, and Huawei has disclosed patches via July 2026 security bulletins covering consumer devices, wearables, and laptops.
Out-of-bounds read in HarmonyOS's image codec module can be triggered locally, with potential impact to service confidentiality and availability. Huawei disclosed this via its July 2026 security bulletin family covering consumer devices, vision products, wearables, and laptops - indicating broad exposure across the HarmonyOS device ecosystem. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA's KEV catalog.
Out-of-bounds read in the HarmonyOS image codec module allows a local unprivileged user to disrupt service availability on affected Huawei devices. Huawei's own bulletin language references potential confidentiality impact, but the NVD CVSS vector assigns C:N and A:L only - a discrepancy that warrants attention. No public exploit code and no CISA KEV listing have been identified at time of analysis, keeping real-world risk low despite the wide device footprint across Huawei phones, wearables, and laptops.
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.7 MEDIUM]
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.6 MEDIUM]
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 7.1 HIGH]
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]
Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]
Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.4 MEDIUM]
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.0 MEDIUM]
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]
Auth bypass in device authentication module.
Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.8 MEDIUM]
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.5 MEDIUM]
Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.1).
Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 5.9).
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.9 MEDIUM]
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 7.3 HIGH]
Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.3).
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.9 MEDIUM]
Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 4.8 MEDIUM]
Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.0 MEDIUM]
Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.5 MEDIUM]
Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.9 MEDIUM]
Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. [CVSS 6.2 MEDIUM]
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 4.0 MEDIUM]
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.1 MEDIUM]
Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function. [CVSS 7.8 HIGH]
Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 5.7).
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.1 MEDIUM]
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.7 MEDIUM]
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.7 MEDIUM]
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]
Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]
App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.
Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.
CVE-2025-66323 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
UAF vulnerability in the USB driver module. Rated medium severity (CVSS 5.8). No vendor patch available.
Vulnerability of improper criterion security check in the call module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Identity authentication bypass vulnerability in the Gallery app. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the Settings module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Configuration defect vulnerability in the file management module. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the memory management module. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Denial of service (DoS) vulnerability in the office service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the Notepad module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
DoS vulnerability in the video-related system service module. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the Wi-Fi module. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.
Permission control vulnerability in the App Lock module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Permission control vulnerability in the distributed component. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the startup recovery module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
UAF vulnerability in the screen recording framework module. Rated medium severity (CVSS 6.4). No vendor patch available.
UAF vulnerability in the screen recording framework module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Permission control vulnerability in the print module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Race condition vulnerability in the device standby module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.