Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality.

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality.

The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability.

Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality.

Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability.

HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.

The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.

AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.

The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.

The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.

The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.

The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.

The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.

The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.

The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.

The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.