July

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

Huawei is releasing monthly security updates for flagship models. This security update includes Android and Huawei patches:

This security update includes the CVE announced in the Android security bulletin.

Critical:none

High:CVE-2021-0599,CVE-2020-0417,CVE-2021-0586,CVE-2021-0587,CVE-2021-0588,CVE-2021-0589,CVE-2021-0590,CVE-2021-0594,CVE-2021-0596,CVE-2021-0597,CVE-2021-0486,CVE-2021-0600,CVE-2021-0601,CVE-2021-0604,CVE-2021-0603,CVE-2021-1931,CVE-2021-1955,CVE-2020-26555,CVE-2020-26558,CVE-2021-0478,CVE-2021-0512,CVE-2020-11267,CVE-2020-14305

Medium:CVE-2020-27170,CVE-2020-27171,CVE-2021-0534,CVE-2021-0535,CVE-2021-0537,CVE-2021-0538,CVE-2021-0539,CVE-2021-0541,CVE-2021-0542,CVE-2021-0544,CVE-2021-0545,CVE-2021-0546,CVE-2021-0547,CVE-2021-0548,CVE-2021-0549,CVE-2021-0553,CVE-2021-0555,CVE-2021-0556,CVE-2021-0557,CVE-2021-0558,CVE-2021-0559,CVE-2021-0561,CVE-2021-0562,CVE-2021-0564,CVE-2021-0567,CVE-2021-0569,CVE-2021-0570,CVE-2021-0572,CVE-2021-0606,CVE-2021-0605

Low: none

Already included in previous updates:CVE-2020-0267,CVE-2020-0265,CVE-2020-1971,CVE-2021-0563,CVE-2021-0368,CVE-2020-11254,CVE-2020-11293,CVE-2020-11279,CVE-2020-11285,CVE-2020-11289,CVE-2020-11294,CVE-2021-1910,CVE-2019-9426,CVE-2020-26558,CVE-2020-26555,CVE-2021-0536,CVE-2021-0529,CVE-2021-0530,CVE-2021-0526,CVE-2021-0532,CVE-2021-0533,CVE-2021-0525,CVE-2021-0527,CVE-2021-0528,CVE-2021-0531

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following Huawei patches:

CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22388: Out-of-bounds array access in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2021-36999: Buffer overflow vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE-2021-36998: Improper verification vulnerability in some devices

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.

CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

CVE-2021-36996: Improper verification vulnerability in some Huawei devices

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause transmission of certain virtual information.

CVE-2021-36995: Unauthorized file access vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.

CVE-2021-36993: Memory leaks in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-36992: Public key verification vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.

CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36989: Kernel crash vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36988: Parameter verification issues in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE-2021-36987: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36985: Code injection vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.

CVE-2021-22491: Input verification vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22490: Permission verification vulnerability in some Huawei phones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect the device performance.

CVE-2021-22488: Unauthorized file access vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE-2021-22487: Out-of-bounds read vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22486: Unstandardized field names in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22483: IP address spoofing vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause DoS.

CVE-2021-22482: Uninitialized variable vulnerability in some Huawei devices

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause transmission of invalid data.

CVE-2021-22481: Verification errors in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22475: Improper permission management vulnerability in some Huawei phones

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22474: Out-of-bounds memory access in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE-2021-22473: Authentication vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22472: Improper verification vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22469: Out-of-bounds memory read vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause the kernel to crash.

CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22450: Memory leaks in some Huawei devices due to exceptions when freeing memory

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.

CVE-2021-22438: Memory address out of bounds vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22436: Logic bypass vulnerability in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22435: Logic bypass vulnerability in some Huawei devices

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22434: Memory address out of bounds vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22433: Memory address out of bounds vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22432: Vulnerability when configuring permission isolation in some Huawei phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22431: Vulnerability when configuring permission isolation in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-22429: Memory address out of bounds vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22426: Memory address out of bounds vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22425: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22419: Startup verification vulnerability with non-Huawei APKs in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may allow knock-off apps to run automatically.

CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22417: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE-2021-22415: DoS vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause kernel exceptions with the code.

CVE-2021-22412: Out-of-bounds address access in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause random kernel address access.

CVE-2021-22407: Identity verification vulnerability due to unverified server when connecting Huawei phones to a computer via HiSuite

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22406: Remote DoS vulnerability with the MeeTime app

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability will cause the app to exit unexpectedly.

CVE-2021-22405: Configuration defects in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22404: Directory traversal vulnerability in Huawei phones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22403: Vulnerability of hijacking unverified providers in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

CVE-2021-22402: DoS vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause DoS attacks.

CVE-2021-22401: Remote DoS vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE-2021-22395: Code injection vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22394: Buffer overflow vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

CVE-2021-22390: UAF vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2021-22389: Kernel address rewrite vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2021-37001: Register tampering vulnerability in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may allow the register value to be modified.

CVE-2021-37002: Memory out-of-bounds access vulnerability in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22367: Logic bypass vulnerability in some Huawei devices

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-37027: DoS vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-37009: Multi-user settings vulnerability in the system components of some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-33909: Privilege escalation vulnerability in the file system components of some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.