First published: Mon Apr 11 2022(Updated: )
A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.
Credit: psirt@huawei.com psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Emui | =10.0.0 | |
Huawei Emui | =10.1.0 | |
Huawei Emui | =10.1.1 | |
Huawei Emui | =11.0.0 | |
Huawei Emui | =11.0.1 | |
Huawei Emui | =12.0.0 | |
Huawei Harmonyos | =2.0 | |
Huawei Magic Ui | =3.0.0 | |
Huawei Magic Ui | =3.1.0 | |
Huawei Magic Ui | =3.1.1 | |
Huawei Magic Ui | =4.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-22254 is a permission bypass vulnerability that exists when the NFC CAs access the TEE.
Successful exploitation of CVE-2022-22254 may affect data confidentiality.
CVE-2022-22254 affects Huawei Emui versions 10.0.0, 10.1.0, 10.1.1, 11.0.0, 11.0.1, 12.0.0; Huawei Harmonyos version 2.0; and Huawei Magic Ui versions 3.0.0, 3.1.0, 3.1.1, 4.0.0.
CVE-2022-22254 has a severity rating of 7.5 (high).
You can find more information about CVE-2022-22254 in the following references: [Huawei Support Bulletin](https://consumer.huawei.com/en/support/bulletin/2022/4/) and [HarmonyOS Security Bulletins](https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294).