June

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

Huawei is releasing monthly security updates for flagship models. This security update includes Android and Huawei patches:

This security update includes the CVE announced in the June 2021 Android security bulletin.

Critical:CVE-2021-0516,CVE-2021-0507

High:CVE-2020-11292,CVE-2021-0504,CVE-2021-0508,CVE-2021-0509,CVE-2021-0510,CVE-2021-0511,CVE-2021-0506,CVE-2021-0517,CVE-2021-0520,CVE-2021-0521,CVE-2021-0522,CVE-2021-0523,CVE-2021-0505

Medium:none

Low: none

Already included in previous updates:CVE-2020-0009,CVE-2018-11985,CVE-2020-0478,CVE-2020-0473,CVE-2020-27054,CVE-2020-27046,CVE-2020-0298,CVE-2020-0299,CVE-2021-0446,CVE-2021-0487,CVE-2021-1906,CVE-2021-1905,CVE-2021-28663,CVE-2021-28664,CVE-2021-0493,CVE-2021-0494,CVE-2021-0495,CVE-2021-0496,CVE-2021-0497,CVE-2021-0498,CVE-2021-0491,CVE-2021-0490,CVE-2021-0489,CVE-2021-0492,CVE-2019-9358,CVE-2020-0359,CVE-2020-27059

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following Huawei patches:

CVE-2021-22388: Out-of-bounds array access in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2020-24587: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-22445: Improper verification vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22444: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause code injection.

CVE-2021-22443: Improper verification vulnerability in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause random address access.

CVE-2021-22442: Improper verification of the integrity check result in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22438: Memory address out of bounds vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22435: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22434: Memory address out of bounds vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22433: Memory address out of bounds vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22432: Vulnerability when configuring permission isolation in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22431: Vulnerability when configuring permission isolation in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22430: Logic bypass vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause code injection.

CVE-2021-22429: Memory address out of bounds vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22428: Race condition vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22427: Race condition vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22426: Memory address out of bounds vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22415: DoS vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause kernel exceptions with the code.

CVE-2021-22414: Stack overflow vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22413: Out-of-bounds memory write vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22412: Out-of-bounds address access in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause random kernel address access.

CVE-2021-22392: Improper verification vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.

CVE-2021-22391: Stack overflow vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22390: UAF vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2021-22389: Kernel address rewrite vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2021-22446: Improper verification vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22387: Deserialization vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may allow attempts to remotely execute commands.

CVE-2021-22386: Race condition vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22385: NFC-based connection authentication vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22384: Race condition vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22381: Bluetooth protocol stack vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause an infinite loop in DoS.

CVE-2021-22380: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-22379: Integer overflow vulnerability in some Huawei phones

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause DoS of Samgr.

CVE-2021-22376: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.

CVE-2021-22375: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.

CVE-2021-22370: Improper verification vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22367: Logic bypass vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22319: Improper verification vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause integer overflows.

CVE-2020-26558: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some Huawei phones/earphones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2020-26555: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some Huawei phones/earphones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2020-26147: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26146: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26145: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26144: Packet injection vulnerability due to the weaknesses found in the code in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26143: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26142: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26141: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26140: Packet injection vulnerability due to the weaknesses found in the code in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26139: Vulnerability of forwarding unverified packets in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-24588: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-22447: Improper verification vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22448: Improper verification vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause unauthorized read and write of some files.

CVE-2020-24586: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.