May

HUAWEI is releasing monthly security updates for flagship models. This security update includes Android and HUAWEI patches:

This security update includes the CVE announced in the May 2021 Android security bulletin.

Critical:CVE-2021-0474,CVE-2021-0475,CVE-2021-0473

High:CVE-2020-11234,CVE-2020-15436,CVE-2020-25705,CVE-2021-0484,CVE-2021-0477,CVE-2021-0472,CVE-2021-0480,CVE-2021-0466,CVE-2021-0481,CVE-2021-0476

Medium:CVE-2021-0488,CVE-2020-11231,CVE-2020-5235,CVE-2020-29368, CVE-2017-14888,CVE-2018-11302,CVE-2018-5919,CVE-2018-11893,CVE-2018-11929,CVE-2018-11947,CVE-2018-11942,CVE-2018-11983,CVE-2018-11984,CVE-2018-11987,CVE-2018-11988,CVE-2018-12006,CVE-2018-13893,CVE-2019-2277,CVE-2019-2306,CVE-2019-2299,CVE-2019-2312,CVE-2019-2314,CVE-2019-2302,CVE-2019-10506,CVE-2018-13890,CVE-2019-10507,CVE-2019-10508,CVE-2019-10542,CVE-2019-10502,CVE-2018-11934,CVE-2019-2297,CVE-2019-10563,CVE-2019-10566,CVE-2018-11852,CVE-2018-11863,CVE-2018-11886,CVE-2018-11903,CVE-2018-5911,CVE-2018-11883,CVE-2019-10530,CVE-2019-14088,CVE-2019-10623,CVE-2019-10620,CVE-2019-10624,CVE-2019-14037,CVE-2020-3646,CVE-2019-10519,CVE-2019-10521,CVE-2019-10564,CVE-2019-14099,CVE-2020-11121,CVE-2020-11130,CVE-2020-11148,CVE-2020-11150,CVE-2019-2284

Low: none

Already included in previous updates:CVE-2020-0169,CVE-2020-0170,CVE-2020-0172,CVE-2020-0171,CVE-2020-0174,CVE-2020-0173,CVE-2020-0175,CVE-2019-9364,CVE-2021-0375,CVE-2020-0475, CVE-2020-0346, CVE-2020-0354, CVE-2020-0309,CVE-2020-0291,CVE-2020-0292,CVE-2021-0431,CVE-2021-0435,CVE-2021-0443,CVE-2021-0428,CVE-2020-27067,CVE-2019-2182,CVE-2020-0500,CVE-2020-27028,CVE-2020-0360,CVE-2021-0433,CVE-2021-0468,CVE-2019-9386, CVE-2019-9235,CVE-2019-9236,CVE-2019-9240,CVE-2019-9242,CVE-2019-9244,CVE-2019-9246,CVE-2019-9251,CVE-2019-9296,CVE-2019-9344,CVE-2019-9354,CVE-2019-9356

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-22351: DoS vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions.

CVE-2020-25685: Weak encryption algorithm vulnerability in some HUAWEI phones

Severity: Low

Affected versions: EMUI 11.0.1,EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect normal use of the device.

CVE-2021-22374: Out-of-bounds array access in the kernel of some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause stability risks.

CVE-2021-22373: Logic bypass vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22372: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22371: Allowing arbitrary capture of call stacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22369: Memory leaks and out-of-bounds access vulnerabilities in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE-2021-22368: Access control vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect normal use of the device.

CVE-2021-22367: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0 Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22354: Driver type confusion vulnerability in some HUAWEI phones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-22353: UAF security vulnerability in some HUAWEI phones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause the kernel to restart.

CVE-2021-22352: Vulnerability of hijacking unverified providers in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

CVE-2021-22375: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI11.0.0,Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.

CVE-2021-22350: UAF security vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause the device to crash and restart.

CVE-2021-22349: DoS vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of insufficient input verification may cause the system to restart.

CVE-2021-22348: UAF security vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause code to execute.

CVE-2021-22347: DoS vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause temporary DoS.

CVE-2021-22346: Improper permission management vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may lead to the disclosure of user habits.

Acknowledgment: Zhang Qing, WuHeng Lab of Bytedance

CVE-2021-22345: Improper verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory write.

CVE-2021-22344: DoS vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause temporary DoS.

CVE-2021-22343: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22326: Kernel space read/write vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22323: Memory leaks and out-of-bounds access vulnerabilities in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE-2020-25686: Repeated DNS queries in some HUAWEI phones

Severity: Low

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause service API leaks.

CVE-2021-22376: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI11.0.0,Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.

CVE-2021-22380: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 9.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality and availability.

Acknowledgment: Mathy Vanhoef, New York University Abu Dhabi

CVE-2020-25684: Improper verification vulnerability in some HUAWEI phones

Severity: Low

Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect normal use of the device.