The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.
Weakness
The product does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Emui | Huawei | 10.0.0 (including) | 10.0.0 (including) |
| Emui | Huawei | 10.1.0 (including) | 10.1.0 (including) |
| Emui | Huawei | 10.1.1 (including) | 10.1.1 (including) |
| Emui | Huawei | 11.0.0 (including) | 11.0.0 (including) |
| Emui | Huawei | 11.0.1 (including) | 11.0.1 (including) |
| Emui | Huawei | 12.0.0 (including) | 12.0.0 (including) |
| Harmonyos | Huawei | 2.0 (including) | 2.0 (including) |
| Magic_ui | Huawei | 3.0.0 (including) | 3.0.0 (including) |
| Magic_ui | Huawei | 3.1.0 (including) | 3.1.0 (including) |
| Magic_ui | Huawei | 3.1.1 (including) | 3.1.1 (including) |
| Magic_ui | Huawei | 4.0.0 (including) | 4.0.0 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/145.html
- https://cwe.mitre.org/data/definitions/463.html
- https://cwe.mitre.org/data/definitions/75.html
References
- https://consumer.huawei.com/en/support/bulletin/2022/4/
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294
- https://consumer.huawei.com/en/support/bulletin/2022/4/
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294