December

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

Huawei is releasing monthly security updates for flagship models. This security update includes Android and Huawei patches:

This security update includes the CVE announced in the December 2020 Android security bulletin.

Critical:CVE-2020-0458

High:CVE-2020-0447,CVE-2020-0467,CVE-2020-0468,CVE-2020-0294,CVE-2020-0459,CVE-2020-0099,CVE-2020-15802,CVE-2020-0463,CVE-2020-0464,CVE-2020-0470, CVE-2020-0243

Medium:none

Low: none

Already included in previous updates:CVE-2019-10628,CVE-2019-13994,CVE-2019-13995,CVE-2019-14074,CVE-2020-11133,CVE-2020-11135,CVE-2020-3620,CVE-2020-3621,CVE-2020-3622,CVE-2020-3634,CVE-2019-10527,CVE-2018-11970, CVE-2020-3657,CVE-2020-3670,CVE-2020-3673,CVE-2020-3654,CVE-2020-3703,CVE-2020-11157,CVE-2020-0446,CVE-2020-0445

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following Huawei patches:

CVE-2020-9138: Process exception vulnerability during updating

Severity: Low

Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploit of this vulnerability can cause process exceptions.

CVE-2020-9139: Improper input validation vulnerability

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploit of this vulnerability can cause memory access errors and denial of service.

CVE-2020-9140: Heap overflow vulnerability

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Unauthorized users may trigger code execution when a buffer overflow occurs.

CVE-2020-9141: Fake app vulnerability due to insufficient verification of data authenticity

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability can cause information disclosure and malfunctions.

CVE-2020-9142: Heap overflow vulnerability when processing an update file

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Heap overflow and memory overwriting occur when the system incorrectly processes the update file.

CVE-2020-9143: Certificate vulnerability

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may lead to low-sensitive information exposure.

CVE-2020-9144: Heap overflow vulnerability

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Attackers can exploit this vulnerability to cause heap overflows.

CVE-2020-9145: Out-of-bounds write vulnerability

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access to the physical memory.