MidnightBSD

Advisories for honor

CVE-2023-23427

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23428

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
3836d913-7555-4dd0-a509-f5667fdf5fe4 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23429

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 2.5 1.4

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23435

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23436

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
3836d913-7555-4dd0-a509-f5667fdf5fe4 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 2.5 4.7

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23442

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L 1.5 2.7
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2024-47148

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-47149

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-47150

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-47151

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.0 5.2

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-47153

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-47154

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-47155

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-47156

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 1.8 1.4

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-47157

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-8992

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.5 1.4

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-8993

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
honor magicos *
CVE-2024-8994

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
honor magicos *
CVE-2025-1532

Phoneservice module is affected by code injection vulnerability, successful exploitation of this vulnerability may affect service confidentiality and integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
honor phoneservice *
CVE-2025-2188

There is a whitelist mechanism bypass in GameCenter ,successful exploitation of this vulnerability may affect service confidentiality and integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 2.8 5.2
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

Products Affected

Vendor Product Version
honor gamecenter *
CVE-2025-2197

Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
honor baidu *
CVE-2025-46014

Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
honor pc_manager *