Huawei EMUI/Magic UI security updates Dec-20
Huawei is releasing monthly security updates for flagship models. This security update includes Android and Huawei patches:
This security update includes the CVE announced in the December 2020 Android security bulletin.
Critical:CVE-2020-0458
High:CVE-2020-0447,CVE-2020-0467,CVE-2020-0468,CVE-2020-0294,CVE-2020-0459,CVE-2020-0099,CVE-2020-15802,CVE-2020-0463,CVE-2020-0464,CVE-2020-0470, CVE-2020-0243
Medium:none
Low: none
Already included in previous updates:CVE-2019-10628,CVE-2019-13994,CVE-2019-13995,CVE-2019-14074,CVE-2020-11133,CVE-2020-11135,CVE-2020-3620,CVE-2020-3621,CVE-2020-3622,CVE-2020-3634,CVE-2019-10527,CVE-2018-11970, CVE-2020-3657,CVE-2020-3670,CVE-2020-3673,CVE-2020-3654,CVE-2020-3703,CVE-2020-11157,CVE-2020-0446,CVE-2020-0445
※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following Huawei patches:
CVE-2020-9138: Process exception vulnerability during updating
Severity: Low
Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploit of this vulnerability can cause process exceptions.
Acknowledgment: Wen Guanxing
CVE-2020-9139: Improper input validation vulnerability
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploit of this vulnerability can cause memory access errors and denial of service.
CVE-2020-9140: Heap overflow vulnerability
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Unauthorized users may trigger code execution when a buffer overflow occurs.
CVE-2020-9141: Fake app vulnerability due to insufficient verification of data authenticity
Severity: Medium
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability can cause information disclosure and malfunctions.
CVE-2020-9142: Heap overflow vulnerability when processing an update file
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Heap overflow and memory overwriting occur when the system incorrectly processes the update file.
Acknowledgment: Wen Guanxing
CVE-2020-9143: Certificate vulnerability
Severity: Medium
Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may lead to low-sensitive information exposure.
CVE-2020-9144: Heap overflow vulnerability
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Attackers can exploit this vulnerability to cause heap overflows.
CVE-2020-9145: Out-of-bounds write vulnerability
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds access to the physical memory.
- en