CVE-2022-48518

Summary

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

Affected Software

VendorProductVersion RangeStatus
HuaweiHarmonyOS2.0.0affected
HuaweiHarmonyOS2.0.1affected
HuaweiEMUI12.0.0affected
HuaweiEMUI12.0.1affected

Weaknesses

  • CWE-701: CWE-701 Weaknesses Introduced During Design

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References