December

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the November 2021 Android security bulletin:

Critical: CVE-2021-0802, CVE-2021-0930

High: CVE-2021-0845, CVE-2021-0748, CVE-2021-0862, CVE-2020-13871, CVE-2021-0650, CVE-2021-0653, CVE-2021-0926, CVE-2021-0928, CVE-2021-0931, CVE-2021-0932, CVE-2021-0933, CVE-2021-0920, CVE-2021-1048, CVE-2021-0927

Medium: CVE-2021-0839, CVE-2021-0848, CVE-2021-0758, CVE-2021-0773, CVE-2021-0787, CVE-2021-0793, CVE-2021-0814, CVE-2021-0767, CVE-2021-0853, CVE-2021-0831, CVE-2021-0790, CVE-2021-0786, CVE-2021-0783, CVE-2021-0771, CVE-2021-0719, CVE-2021-0729, CVE-2021-0733, CVE-2021-0741, CVE-2021-0751, CVE-2021-0754, CVE-2021-0760, CVE-2021-0740, CVE-2021-0812, CVE-2021-0818, CVE-2021-0842, CVE-2021-0829, CVE-2021-0809, CVE-2021-0810, CVE-2021-0811, CVE-2021-0776, CVE-2021-0817, CVE-2021-0819, CVE-2021-0919, CVE-2021-30265, CVE-2021-30263, CVE-2018-25015

Low: none

Already included in previous updates: CVE-2021-0938

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the CVE of other third-party library patches:

High: CVE-2021-40490, CVE-2013-0894, CVE-2021-32399, CVE-2020-22025, CVE-2020-22037, CVE-2020-22026, CVE-2020-17541

Medium: CVE-2021-3753, CVE-2020-10135, CVE-2021-3635, CVE-2021-3566, CVE-2020-22056, CVE-2020-22043, CVE-2020-22039, CVE-2020-22028, CVE-2020-22044, CVE-2020-22020, CVE-2020-22051, CVE-2020-22049, CVE-2020-22040, CVE-2020-22019, CVE-2020-22038, CVE-2020-22046, CVE-2019-17539

This security update includes the following HUAWEI patches:

CVE-2021-37118: Man-in-the-middle (MITM) attack vulnerability when using HUAWEI Share in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 9.1.0, EMUI 9.1.1, EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, Magic UI 2.1.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39993: Integer overflow vulnerability with ACPU

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-39974: Out-of-bounds read in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37133: Unauthorized file access vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37125: Input verification absence in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39996: Heap-based buffer overflow vulnerability with the NFC module

Severity: High

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause memory overflow.

CVE-2021-37112: Incomplete device version verification vulnerability due to the integrity protection defects of the PC version of HiSuite in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.0.0, Magic UI 9.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-37096: Input verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37074: Race condition vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37069: Race condition vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39998: Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 11.0.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause the system to crash and restart.

CVE-2021-37043: Vulnerability of not performing strong foreground authentication on the caller in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 9.1.0, EMUI 9.1.1, EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, Magic UI 2.1.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious application processes to keep alive, which occupies system resources and affects system availability.