Huawei released the July 2022 HarmonyOS mobile security patch details that include fixes for 1 CVE in framework, 3 CVEs in the kernel, 4 CVEs in the system, 2 CVEs in the Application and 6 CVEs in the third-party libraries. This bulletin contains details about the security vulnerabilities that have been fixed by security patch 2022-07-01.
Framework
CVE-2021-46741 (The basic framework and setting module have defects, which were introduced during the design.)
Kernel
CVE-2022-34735 (The frame scheduling module has a null pointer dereference vulnerability.)
CVE-2022-34736 (The frame scheduling module has a null pointer dereference vulnerability.)
CVE-2022-34743 (The AT commands of the USB port have an out-of-bounds read vulnerability.)
System
CVE-2022-34740 (The NFC module has a buffer overflow vulnerability.)
CVE-2022-34741 (The NFC module has a buffer overflow vulnerability.)
CVE-2022-34739 (The fingerprint module has a vulnerability of overflow in arithmetic addition.)
CVE-2022-34742 (The system module has a read/write vulnerability.)
Application
CVE-2022-34737 (The application security module has a vulnerability in permission assignment.)
CVE-2022-34738 (The SystemUI module has a vulnerability in permission control.)
Third-Party Library
CVE-2018-25032 (High)
CVE-2022-1353 (Medium)
CVE-2022-1016 (Medium)
CVE-2021-0344 (Medium)
CVE-2022-20057 (Medium)
CVE-2022-25375 (Medium)