exploitDog

CVE-2022-41580

Опубликовано: 14 окт. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

Ссылки

https://consumer.huawei.com/en/support/bulletin/2022/10/
Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697
Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2022/10/
Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*

cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*

cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00247

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-125

CWE-125

Связанные уязвимости

GHSA-w2vc-6qc2-rxm2

CVSS3: 7.8

github

больше 3 лет назад

The HW_KEYMASTER module has a vulnerability of not verifying the data read.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.

EPSS

Процентиль: 48%

0.00247

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-125

CWE-125