CVE-2022-29794

9.8 CRITICAL

📋 TL;DR

CVE-2022-29794 is a use-after-free vulnerability in the frame scheduling module of Huawei HarmonyOS and EMUI devices. Successful exploitation may allow an attacker to execute arbitrary code, compromise the confidentiality, integrity and availability of data, and gain elevated privileges. It affects Huawei smartphones and tablets running vulnerable versions of HarmonyOS and EMUI.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
Versions: HarmonyOS 2.1.0, 2.1.1, and EMUI 12.0.0
Operating Systems: HarmonyOS, EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with specific chipset configurations; exact device models listed in Huawei advisories

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing remote code execution, data theft, and persistent backdoor installation
🟠 Likely Case: Application crashes, denial of service, or limited privilege escalation depending on exploit implementation
🟢 If Mitigated: Minimal impact if patched; potential performance issues if workarounds applied

🌐 Internet-Facing: HIGH - Can be exploited remotely without user interaction in some scenarios
🏢 Internal Only: MEDIUM - Requires local access or malicious app installation for exploitation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

CVSS 9.8 indicates critical severity with network-accessible attack vector and no privileges required

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS 2.1.1.195 (C00E190R5P1) and later, EMUI 12.0.0.195 (C00E190R5P1) and later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2022/5/

Restart Required: Yes

Instructions:

1. Go to Settings > System & updates > Software update.
2. Check for updates.
3. Download and install available security updates.
4. Restart device when prompted.

🔧 Temporary Workarounds

  • Disable unnecessary services (all): Reduce attack surface by disabling unused system services and permissions
  • Application restrictions (all): Only install apps from trusted sources and review app permissions

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Implement strict application allowlisting policies

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > HarmonyOS/EMUI version. If the version is 2.1.0, 2.1.1, or 12.0.0 (without the patch), the device is vulnerable.

Check Version:

Settings > About phone > HarmonyOS/EMUI version

Verify Fix Applied:

Verify version is 2.1.1.195 or higher for HarmonyOS, or 12.0.0.195 or higher for EMUI
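
For a fleet rather than a single handset, the same check can be run over an inventory export. The script below is an added example, not code from Huawei or from this page's source; the affected branches and fixed builds are the ones stated above, while the CSV column names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Values taken from this page: affected branches and first fixed builds.
AFFECTED = {
    "harmonyos": {(2, 1, 0), (2, 1, 1)},
    "emui": {(12, 0, 0)},
}
FIXED = {
    "harmonyos": (2, 1, 1, 195),
    "emui": (12, 0, 0, 195),
}

# Constructed sample inventory (hypothetical MDM export; column names assumed).
SAMPLE_INVENTORY = """device_id,os,version
tab-001,HarmonyOS,2.1.0.132
ph-002,HarmonyOS,2.1.1.195 (C00E190R5P1)
ph-003,EMUI,12.0.0.180
ph-004,EMUI,12.0.0.210
ph-005,EMUI,11.0.0.168
ph-006,HarmonyOS,unknown
"""

def parse_version(text):
    """Return the leading dotted-numeric part as a tuple of ints, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)+)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(os_name, version_text):
    os_key = os_name.strip().lower()
    version = parse_version(version_text)
    if os_key not in AFFECTED or version is None:
        return "unknown"
    if version[:3] not in AFFECTED[os_key]:
        return "not_listed"  # branch is not named on this page
    # A missing build number compares lower than the fixed build, so it is
    # reported as vulnerable (conservative choice).
    return "patched" if version >= FIXED[os_key] else "vulnerable"

def triage(inventory_csv):
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["device_id"]: classify(r["os"], r["version"]) for r in reader}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as `not_listed` or `unknown` are outside what this page covers and should be checked against the vendor advisory.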

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected process crashes in system services
  • Memory corruption warnings

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious network traffic to/from device management ports

SIEM Query:

Device logs showing 'kernel: use-after-free' or 'kernel: BUG: KASAN: use-after-free'
