First published: Mon Jul 11 2022(Updated: )
The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Emui | =10.0.0 | |
Huawei Emui | =10.1.0 | |
Huawei Emui | =10.1.1 | |
Huawei Emui | =11.0.0 | |
Huawei Emui | =12.0.0 | |
Huawei Harmonyos | =2.0 | |
Huawei Magic Ui | =3.0.0 | |
Huawei Magic Ui | =3.1.0 | |
Huawei Magic Ui | =3.1.1 | |
Huawei Magic Ui | =4.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-34739 is a vulnerability in the fingerprint module that allows for an overflow in arithmetic addition, potentially leading to data acquisition from unknown addresses in address mappings.
CVE-2022-34739 affects Huawei EMUI versions 10.0.0, 10.1.0, 10.1.1, 11.0.0, and 12.0.0, as well as Huawei HarmonyOS version 2.0 and Huawei Magic UI versions 3.0.0, 3.1.0, 3.1.1, and 4.0.0.
CVE-2022-34739 has a severity rating of 7.5, indicating a high severity.
CVE-2022-34739 can be exploited by performing an arithmetic addition overflow, which can lead to the acquisition of data from unknown addresses in address mappings.
To fix CVE-2022-34739, it is recommended to apply the security updates provided by Huawei. Please refer to the official Huawei support bulletin for more information.