November

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the October 2021 Android security bulletin.

Critical: CVE-2021-0870, CVE-2020-11264

High: CVE-2020-15358, CVE-2021-0483, CVE-2021-0652, CVE-2021-0706, CVE-2021-0708, CVE-2021-0651, CVE-2021-0705, CVE-2021-0643, CVE-2021-0702, CVE-2021-0703, CVE-2021-30306, CVE-2021-30305, CVE-2021-27666, CVE-2021-29647, CVE-2020-29660, CVE-2021-1977, CVE-2020-24588, CVE-2021-1980, CVE-2020-24587, CVE-2020-26141, CVE-2020-26145, CVE-2020-26146

Medium: CVE-2021-0941, CVE-2021-31916, CVE-2021-1966, CVE-2021-0936, CVE-2021-1969, CVE-2021-0935, CVE-2021-1967, CVE-2019-25045, CVE-2021-0937

Low: none

Already included in previous updates: CVE-2021-0691, CVE-2021-1891, CVE-2021-1927, CVE-2020-27786, CVE-2020-29661, CVE-2020-25656, CVE-2020-27825

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the CVE of other third-party library patches:

High: CVE-2021-32399, CVE-2020-17541

Medium: CVE-2020-14314, CVE-2019-20934, CVE-2020-25641, CVE-2020-35508, CVE-2020-12352, CVE-2020-24490, CVE-2021-3564, CVE-2021-0129

This security update includes the following HUAWEI patches:

CVE-2021-37118: Man-in-the-middle (MITM) attack vulnerability when using HUAWEI Share in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 9.1.0, EMUI 9.1.1, Magic UI 2.1.1, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-36988: Input verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 9.1.0, Magic UI 3.0.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may result in code execution.

CVE-2021-39969: Unauthorized file access vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39967: Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39966: Uninitialized AOD driver structure in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 11.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37133: Unauthorized file access vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 9.1.0, EMUI 9.1.1, Magic UI 2.1.1, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Acknowledgment: Zhang Qing (ByteDance), Wang Kailong (NUS), and Bai Guang Dong (UQ)

CVE-2021-37126: Unstrict URI verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.1, EMUI 9.1.1, Magic UI 2.1.1, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause directory traversal attacks and affect confidentiality.

CVE-2021-37125: Input verification absence in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39973: Null pointer dereference in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause the kernel to break down.

CVE-2021-37112: Incomplete device version verification vulnerability due to the integrity protection defects of the PC version of HiSuite in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-37110: Timing design defects in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37096: Input verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37074: Race condition vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37069: Race condition vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37039: Input verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 11.0.0, Magic UI 3.1.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause Bluetooth DoS.

CVE-2021-39974: Out-of-bounds read in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39978: Security verification absence in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22481: Verification errors in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 11.0.1, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue