CVE-2023-52538

Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name	Vendor	Start Version	End Version
Emui	Huawei	12.0.0 (including)	12.0.0 (including)
Emui	Huawei	13.0.0 (including)	13.0.0 (including)
Harmonyos	Huawei	2.0.0 (including)	2.0.0 (including)
Harmonyos	Huawei	2.1.0 (including)	2.1.0 (including)
Harmonyos	Huawei	3.0.0 (including)	3.0.0 (including)
Harmonyos	Huawei	3.1.0 (including)	3.1.0 (including)
Harmonyos	Huawei	4.0.0 (including)	4.0.0 (including)

https://cwe.mitre.org/data/definitions/463.html
https://cwe.mitre.org/data/definitions/475.html

References

https://consumer.huawei.com/en/support/bulletin/2024/3/
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202403-0000001667644725
https://consumer.huawei.com/en/support/bulletin/2024/3/
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202403-0000001667644725

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-52538
CWE	https://cwe.mitre.org/data/definitions/347.html

Improper Verification of Cryptographic Signature

Weakness

Affected Software

Related Attack Patterns

References