{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41306", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2023-08-28T12:17:09.166Z", "datePublished": "2023-09-26T01:14:26.222Z", "dateUpdated": "2024-09-24T18:49:21.601Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "2.0.1"}, {"status": "affected", "version": "2.0.0"}]}, {"defaultStatus": "unaffected", "product": "EMUI", "vendor": "Huawei", "versions": [{"status": "affected", "version": "12.0.1"}, {"status": "affected", "version": "12.0.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable."}], "value": "Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2023-09-26T01:14:26.222Z"}, "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/"}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:54:05.042Z"}, "title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/", "tags": ["x_transferred"]}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T18:49:09.768594Z", "id": "CVE-2023-41306", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:49:21.601Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/", "tags": ["x_transferred"]}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:54:05.042Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T18:49:09.768594Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:49:15.763Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "2.0.1"}, {"status": "affected", "version": "2.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "12.0.1"}, {"status": "affected", "version": "12.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/9/"}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2023-09-26T01:14:26.222Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41306", "state": "PUBLISHED", "dateUpdated": "2024-09-24T18:49:21.601Z", "dateReserved": "2023-08-28T12:17:09.166Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2023-09-26T01:14:26.222Z", "assignerShortName": "huawei"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable."}, {"lang": "es", "value": "Vulnerabilidad de la gesti\u00f3n de mutex en el m\u00f3dulo de aplicaci\u00f3n confiable (TA) de identificaci\u00f3n de voz bone. La explotaci\u00f3n exitosa de esta vulnerabilidad puede hacer que la funci\u00f3n de identificaci\u00f3n de voz bone no est\u00e9 disponible."}], "id": "CVE-2023-41306", "lastModified": "2024-11-21T08:21:02.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-27T15:19:28.560", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2023/9/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2023/9/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202309-0000001638925158"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "psirt@huawei.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}