October

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the September 2021 Android security bulletin.

Critical: CVE-2021-0687

High: CVE-2021-0644, CVE-2021-0682, CVE-2021-0683, CVE-2021-0684, CVE-2021-0598, CVE-2021-0688, CVE-2021-0689, CVE-2021-0690, CVE-2021-0595, CVE-2021-0685, CVE-2021-0693, CVE-2021-0686, CVE-2021-0695, CVE-2021-0680, CVE-2021-0681, CVE-2021-30290, CVE-2021-30294, CVE-2021-1941, CVE-2021-1948, CVE-2021-1974

Medium: CVE-2021-1957, CVE-2021-1958, CVE-2021-1961

Low: none

Already included in previous updates: CVE-2021-0519, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0515, CVE-2021-0514, CVE-2021-0513, CVE-2021-0571, CVE-2021-0592, CVE-2021-0577, CVE-2021-0639, CVE-2020-14381, CVE-2021-3347, CVE-2021-28375, CVE-2021-0585

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-37020: Improper verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-22326: Kernel space read/write vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37118: Man-in-the-middle (MITM) attack vulnerability when using HUAWEI Share in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37117: Service logic vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause WLAN DoS.

CVE-2021-37114: Out-of-bounds read vulnerability in some HUAWEI devices

Severity: Low

Affected versions: EMUI 11.0.1, EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37113: Privilege escalation vulnerability with the file system component in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37111: Memory leakage vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause memory exhaustion.

CVE-2021-37103: Improper permission management vulnerability in the HUAWEI Wallet app

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37097: OOM vulnerability with the system framework code in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause an OOM issue.

CVE-2021-37093: Improper access control vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37092: Memory leakage vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.

CVE-2021-37075: Credential management vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37056: Improper permission control vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may allow attempts to obtain certain device information.

Acknowledgment: Zhang Qing, WuHeng Lab of Bytedance

CVE-2021-37054: Identity spoofing and authentication bypass vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37053: Service logic vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause WLAN DoS.

CVE-2021-37052: Exception log vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause address information leakage.

CVE-2021-37051: Out-of-bounds read vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2021-37050: Missing sensitive data encryption vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37049: Heap-based buffer overflow vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.

CVE-2021-37047: Input verification vulnerability in some HUAWEI phones

Severity: Low

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause some services to restart.

CVE-2021-37045: UAF vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.

CVE-2021-37044: Permission control vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-37042: Improper verification vulnerability in some HUAWEI devices

Severity: Low

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-37041: Improper verification vulnerability in some HUAWEI devices

Severity: Low

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-37040: Parameter injection vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.

CVE-2021-37038: Improper access control vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37021: Improper verification vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-37119: Service logic vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause WLAN DoS.

CVE-2021-37014: Integer overflow vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect the normal use of the device.

CVE-2021-37013: Permission control vulnerability with the setHdbKey API in HwPackageManagerServiceEx in some EMUI devices

Severity: Low

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-37011: Improper verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-36999: Buffer overflow vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE-2021-36997: Low memory error in some HUAWEI devices due to the unlimited size of images to be parsed

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

Acknowledgment: eng Zhaoyang and Wei Qiang, Vulnerability Analysis Lab, Information Engineering University

CVE-2021-36995: Unauthorized file access vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some HUAWEI devices due to race conditions

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.

CVE-2021-36991: Unauthorized file access vulnerability in some HUAWEI devices due to unstandardized path input

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.

CVE-2021-36990: Vulnerability of tampering with the kernel in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36989: Kernel crash vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36986: Vulnerability of tampering with the kernel in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36985: Code injection vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.

CVE-2021-3506: Out-of-bounds operation vulnerability after rooting in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service stability and integrity.

CVE-2021-22491: Input verification vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22489: DoS vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

Acknowledgment: Elphet, 360 Alpha Lab

CVE-2021-22488: Unauthorized file access vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Acknowledgment: Zhang Qing and Xia Guangshuai, WuHeng Lab of Bytedance

CVE-2021-22481: Verification errors in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22475: Improper permission management vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22469: Out-of-bounds memory read vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause the kernel to crash.

CVE-2021-22460: Boot restriction bypass vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22420: Vulnerability of forging package names by implementing the getBasePackageName method in some HUAWEI devices

Severity: High

Affected versions: EMUI 9.1.1, EMUI 9.1.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect the normal use of system apps.

CVE-2021-22374: Out-of-bounds array access in the kernel of some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause stability risks.

CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22345: Improper verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory write.

CVE-2021-37120: Double free vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.

CVE-2021-37121: Configuration defects in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.

Acknowledgment: Zhang Qing from WuHeng Lab of Bytedance

CVE-2021-22319: Improper verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause integer overflows.
