May

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

Huawei is releasing monthly security updates for flagship models. This security update includes Android and Huawei patches:

This security update includes the CVE announced in the May 2021 Android security bulletin.

Critical:CVE-2021-0474,CVE-2021-0475,CVE-2021-0473

High:CVE-2020-11234,CVE-2020-15436,CVE-2020-25705,CVE-2021-0484,CVE-2021-0477,CVE-2021-0472,CVE-2021-0480,CVE-2021-0466,CVE-2021-0481,CVE-2021-0476

Medium:CVE-2021-0488,CVE-2020-11231,CVE-2020-5235,CVE-2020-29368, CVE-2017-14888,CVE-2018-11302,CVE-2018-5919,CVE-2018-11893,CVE-2018-11929,CVE-2018-11947,CVE-2018-11942,CVE-2018-11983,CVE-2018-11984,CVE-2018-11987,CVE-2018-11988,CVE-2018-12006,CVE-2018-13893,CVE-2019-2277,CVE-2019-2306,CVE-2019-2299,CVE-2019-2312,CVE-2019-2314,CVE-2019-2302,CVE-2019-10506,CVE-2018-13890,CVE-2019-10507,CVE-2019-10508,CVE-2019-10542,CVE-2019-10502,CVE-2018-11934,CVE-2019-2297,CVE-2019-10563,CVE-2019-10566,CVE-2018-11852,CVE-2018-11863,CVE-2018-11886,CVE-2018-11903,CVE-2018-5911,CVE-2018-11883,CVE-2019-10530,CVE-2019-14088,CVE-2019-10623,CVE-2019-10620,CVE-2019-10624,CVE-2019-14037,CVE-2020-3646,CVE-2019-10519,CVE-2019-10521,CVE-2019-10564,CVE-2019-14099,CVE-2020-11121,CVE-2020-11130,CVE-2020-11148,CVE-2020-11150,CVE-2019-2284

Low: none

Already included in previous updates:CVE-2020-0169,CVE-2020-0170,CVE-2020-0172,CVE-2020-0171,CVE-2020-0174,CVE-2020-0173,CVE-2020-0175,CVE-2019-9364,CVE-2021-0375,CVE-2020-0475, CVE-2020-0346, CVE-2020-0354, CVE-2020-0309,CVE-2020-0291,CVE-2020-0292,CVE-2021-0431,CVE-2021-0435,CVE-2021-0443,CVE-2021-0428,CVE-2020-27067,CVE-2019-2182,CVE-2020-0500,CVE-2020-27028,CVE-2020-0360,CVE-2021-0433,CVE-2021-0468,CVE-2019-9386, CVE-2019-9235,CVE-2019-9236,CVE-2019-9240,CVE-2019-9242,CVE-2019-9244,CVE-2019-9246,CVE-2019-9251,CVE-2019-9296,CVE-2019-9344,CVE-2019-9354,CVE-2019-9356

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following Huawei patches:

CVE-2021-22351: DoS vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions.

CVE-2020-25685: Weak encryption algorithm vulnerability in some Huawei phones

Severity: Low

Affected versions: EMUI 11.0.1,EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect normal use of the device.

CVE-2021-22374: Out-of-bounds array access in the kernel of some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause stability risks.

CVE-2021-22373: Logic bypass vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22372: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22371: Allowing arbitrary capture of call stacks in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22370: Improper verification vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22369: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE-2021-22368: Access control vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect normal use of the device.

CVE-2021-22367: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0 Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22354: Driver type confusion vulnerability in some Huawei phones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-22353: UAF security vulnerability in some Huawei phones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause the kernel to restart.

CVE-2021-22352: Vulnerability of hijacking unverified providers in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

CVE-2021-22375: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI11.0.0,Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.

CVE-2021-22350: UAF security vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause the device to crash and restart.

CVE-2021-22349: DoS vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of insufficient input verification may cause the system to restart.

CVE-2021-22348: UAF security vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause code to execute.

CVE-2021-22347: DoS vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause temporary DoS.

CVE-2021-22346: Improper permission management vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may lead to the disclosure of user habits.

CVE-2021-22345: Improper verification vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory write.

CVE-2021-22344: DoS vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause temporary DoS.

CVE-2021-22343: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22326: Kernel space read/write vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22323: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE-2020-25686: Repeated DNS queries in some Huawei phones

Severity: Low

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause service API leaks.

CVE-2021-22376: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI11.0.0,Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.

CVE-2021-22380: Improper verification vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 9.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality and availability.

CVE-2020-25684: Improper verification vulnerability in some Huawei phones

Severity: Low

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect normal use of the device.