HUAWEI EMUI/Magic UI security updates November 2022
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following third-party library patches:
This security update includes the CVE announced in the October 2022 Android security bulletin:
Critical: CVE-2022-25720
High: CVE-2022-20412, CVE-2022-20413, CVE-2022-20422, CVE-2022-20421, CVE-2021-0696, CVE-2021-0699, CVE-2021-0951, CVE-2022-20423
Medium: CVE-2021-39758, CVE-2022-20415, CVE-2022-25664, CVE-2022-25666, CVE-2022-20253, CVE-2022-20257, CVE-2022-20269, CVE-2022-20273, CVE-2022-20278, CVE-2022-20290, CVE-2022-20313, CVE-2022-20314, CVE-2022-20333, CVE-2022-20334
Low: none
Already included in previous updates: CVE-2022-20247, CVE-2022-20271, CVE-2022-20272, CVE-2022-20292, CVE-2022-20297, CVE-2022-20302, CVE-2022-20399, CVE-2021-0986
※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following HUAWEI patches:
CVE-2021-46851: Vulnerability of unstrict verification of the memory's security attribute in the DRM module
Severity: High
Affected versions: EMUI12.0.0
Impact: Successful exploitation of this vulnerability by attackers may cause the video playback to be abnormal.
CVE-2021-46852: Logic bypass vulnerability in the memory management module
Severity: Medium
Affected versions: EMUI12.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-44546: Vulnerability that the kernel module automatically frees the memory but does not clear the mapping
Severity: High
Affected versions: EMUI12.0.0
Impact: Successful exploitation of this vulnerability may cause the system to restart.
CVE-2022-44547: UAF vulnerability in the Display Service module
Severity: High
Affected versions: EMUI12.0.0
Impact: Successful exploitation of this vulnerability may cause Display Service to reset and restart.
CVE-2022-44548: Vulnerability of unstrict permission verification during Bluetooth pairing
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.
CVE-2022-44549: Geofencing API access vulnerability in the LBS module
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability may cause third-party apps to access the geofencing API without authorization, affecting user confidentiality.
CVE-2022-44550: UAF vulnerability when traversing layers in the graphics display module
Severity: High
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-44551: Thread security vulnerability in the iaware module
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
CVE-2022-44552: Vulnerability of defects being introduced in the design process in the lock screen module
Severity: Medium
Affected versions: EMUI11.0.1
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-44553: Vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability may cause third-party apps to be activated periodically.
CVE-2022-44554: Unstrict permission verification vulnerability in the power module
Severity: Medium
Affected versions: EMUI12.0.0
Impact: Successful exploitation of this vulnerability may cause the status of a module to be abnormal.
CVE-2022-44555: Service hijacking vulnerability in the DDMP/ODMF module
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability may cause service unavailability.
CVE-2022-44556: Missing parameter type validation in the DRM module
Severity: High
Affected versions: EMUI12.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-44557: Vulnerability of obtaining the read and write permissions on arbitrary system files in the SmartTrimProcessEvent module
Severity: High
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-44558: Mismatch between serialization and deserialization in the AMS module
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-44559: Mismatch between serialization and deserialization in the AMS module
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-44560: Intent redirection vulnerability in the launcher module
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability may cause launcher module data to be modified.
CVE-2022-44561: Permission verification vulnerability in the preset launcher module
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability allows unauthorized apps to add arbitrary widgets and shortcuts without interaction.
CVE-2022-44562: Mismatch between serialization and deserialization at the system framework layer
Severity: Medium
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-44563: Race condition vulnerability in SD upgrade mode
Severity: High
Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1
Impact: Successful exploitation of this vulnerability will affect confidentiality.
- ca