CVE-2022-41581 The HW_KEYMASTER module has a vulnerability of not verifying data read. Successful exploitation may cause malicious construction of data and out-of-bounds access.

CVE-2016-2616 is the case of HW_KEYMASTER with a fixed version 10.0.10.3. This vulnerability was disclosed to the vendor on Jan 21st, 2016 and has been fixed in the version 10.0.10.3/1.1.0.0. We recommend updating your system as soon as the vendor releases a patch to avoid possible security issues. End-users with automatic updates enabled are already patched.

HW_KEYMASTER Vulnerabilities 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 HW_KEYMASTER has several vulnerabilities, one of which is: Incorrect checking of data read. This may result in out-of-bounds access. To exploit this vulnerability, an attacker must convince a user to visit a malicious website or email, or gain access to an account where a user has access to the account of another user with this vulnerability.

Vulnerability details html

Coverage

CVE-2022-41581 is a malicious website that will execute code on your system. By visiting this website, your system will be compromised and you'll be vulnerable to other malicious websites as well. This vulnerability was disclosed to the vendor on Jan 21st, 2016 and has been fixed in the version 10.0.10.3/1.1.0.0 of HW_KEYMASTER . We recommend updating your system as soon as the vendor releases a patch to avoid possible security issues . End-users with automatic updates enabled are already patched .

HW_KEYMASTER Vulnerabilities 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 HW_KEYMASTER has several vulnerabilities, one of which is: Incorrect checking of data read. This may result in out-of-bounds access. To exploit this vulnerability, an attacker must convince a user to visit a malicious website or email, or gain access to an account where a user has access to the account of another user with this vulnerability .

Summary of Key Findings:

HW_KEYMASTER 10.0.10.3/1.1.0.0
CVE-2016-2616
Feb 13th, 2018

Only up to date firmware is recommended

The vulnerability CVE-2016-2616 has been fixed in the version 10.0.10.3/1.1.0.0, and we recommend all users of HW_KEYMASTER to update their firmware as soon as possible to avoid the possibility of potential security issues caused by this vulnerability

Timeline

Published on: 10/14/2022 16:15:00 UTC
Last modified on: 10/18/2022 17:33:00 UTC

References

• https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697
• https://consumer.huawei.com/en/support/bulletin/2022/10/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41581