Summaryinfo

A vulnerability, which was classified as problematic, was found in Huawei EMUI, Magic UI and HarmonyOS. This affects an unknown part of the component Secure OS Module. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2022-38991. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Huawei EMUI, Magic UI and HarmonyOS (version unknown). Affected by this issue is an unknown function of the component Secure OS Module. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. CVE summarizes:

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

The weakness was shared 09/17/2022. The advisory is shared for download at consumer.huawei.com. This vulnerability is handled as CVE-2022-38991 since 08/29/2022. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Upgrading eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Smartphone Operating System

Vendor

• Huawei

Name

• EMUI
• HarmonyOS
• Magic UI

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion