CVE-2022-48518
N/A
N/A
Summary
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Huawei | HarmonyOS | 2.0.0 | affected |
| Huawei | HarmonyOS | 2.0.1 | affected |
| Huawei | EMUI | 12.0.0 | affected |
| Huawei | EMUI | 12.0.1 | affected |
Weaknesses
- CWE-701: CWE-701 Weaknesses Introduced During Design
ADP Enrichment
CVE Program Container
Additional References
- https://consumer.huawei.com/en/support/bulletin/2023/7/
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://consumer.huawei.com/en/support/bulletin/2023/7/
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.