Overflow Vulnerability in Fingerprint Module of Huawei Devices
CVE-2022-34739

7.5HIGH

Key Information:

Vendor: Huawei
Status: Harmonyos; Emui; Magic Ui
Vendor: CVE Published:; 12 July 2022

Summary

The fingerprint module within certain Huawei devices is susceptible to an overflow vulnerability due to arithmetic addition operations. When exploited, this flaw may allow an attacker to gain access to sensitive data from unallocated memory addresses, potentially leading to unauthorized data exposure. Users of affected Huawei devices should prioritize patching to mitigate this risk.

Affected Version(s)

EMUI 10.0.0

EMUI 10.1.0

EMUI 10.1.1

References

https://consumer.huawei.com/en/support/bulletin/2022/7/

x_refsource_MISC

https://device.harmonyos.com/en/docs/security/update/secu...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2022
Vulnerability Reserved
Jun 28, 2022