October

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the September 2022 Android security bulletin:

Critical: none

High: CVE-2022-20395, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990, CVE-2022-25314, CVE-2022-25704, CVE-2022-22095, CVE-2021-0697, CVE-2021-0871, CVE-2021-0942, CVE-2021-0943, CVE-2022-25670

Medium: CVE-2022-28388, CVE-2022-20254, CVE-2022-20268, CVE-2022-20274, CVE-2022-20308, CVE-2022-20325, CVE-2022-20331

Low: none

Already included in previous updates: CVE-2022-20361, CVE-2022-20082, CVE-2022-20081, CVE-2021-39765, CVE-2022-25657, CVE-2022-22082, CVE-2022-22083, CVE-2022-22084, CVE-2022-22085, CVE-2022-22086, CVE-2022-22087, CVE-2021-0698, CVE-2021-0887, CVE-2021-0891, CVE-2021-0946, CVE-2021-0947, CVE-2021-39815, CVE-2022-20122

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-40017: Vunerability of not verifying the validity of the key's format in the HW_KEYMASTER module

Severity: Critical

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-46839: Lack of length check vulnerability in the HW_KEYMASTER module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers can construct malicious data and cause out-of-bounds access.

CVE-2021-46840: Out-of-bounds access vulnerability in parameter set verification of the HW_KEYMASTER module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers can construct malicious data and cause out-of-bounds access.

CVE-2022-38983: UAF vulnerability in the BT Hfp Client module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause arbitrary code execution.

CVE-2022-38984: Vulnerability of not verifying the data transferred by kernel space in the HIPP module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause out-of-bounds read, affecting confidentiality.

Acknowledgment: Wen Guanxing

CVE-2022-38985: Input verification vulnerability in the facial recognition module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38986: Vulnerability of bypassing the check of data transferred by kernel space in the HIPP module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability.

Acknowledgment: Wen Guanxing

CVE-2022-38998: Vulnerability of not verifying the data transferred by kernel space in the HISP module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause out-of-bounds read, affecting confidentiality.

Acknowledgment: Wen Guanxing

CVE-2022-39011: Vulnerability of bypassing the check of data transferred by kernel space in the HISP module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause unauthorized access to the HISP module.

Acknowledgment: Wen Guanxing

CVE-2022-41576: boot.sh script that can be modified by malicious programs in the rphone module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can cause irreversible program implantation on the user's device.

CVE-2022-41577: Vulnerability that kernel space does not verify the length of the data transferred by user space

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Out-of-bounds read may occur in the kernel, affecting device confidentiality and availability.

CVE-2022-41578: Out-of-bounds write vulnerability in the mptcp module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause attack programs to modify program information to implement root privilege escalation attacks.

CVE-2022-41580: Vulnerability of not verifying the read content in the HW_KEYMASTER module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers can construct malicious data and cause out-of-bounds access.

CVE-2022-41581: Vulnerability of not verifying the read content in the HW_KEYMASTER module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers can construct malicious data and cause out-of-bounds access.

CVE-2022-41582: Configuration defects.in the security module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2022-41583: Array out-of-bounds read vulnerability in the storage maintenance and debugging module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause some statistics of the module to be abnormal.

CVE-2022-41584: Out-of-bounds read vulnerability in the kernel module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause memory overwritting.

CVE-2022-41585: Out-of-bounds read vulnerability in the kernel module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause memory overwritting.

CVE-2022-41586: Untruncated data vulnerability in the communication framework module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-41587: Uncaptured exceptions in the home screen module

Severity: Medium

Affected versions: EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect stability.

CVE-2022-41588: Service logic exception vulnerability in the home screen module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect integrity.

CVE-2022-41589: Interface misuse vulnerability in the Maple DFX stack module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability can affect system services and device availability.

CVE-2022-41592: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.

CVE-2022-41593: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.

CVE-2022-41594: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.

CVE-2022-41595: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.

CVE-2022-41597: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.

CVE-2022-41598: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.

CVE-2022-41600: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.

CVE-2022-41601: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.

CVE-2022-41602: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.

CVE-2022-41603: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers with the root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.