November

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the October 2022 Android security bulletin:

Critical: CVE-2022-25720

High: CVE-2022-20412, CVE-2022-20413, CVE-2022-20422, CVE-2022-20421, CVE-2021-0696, CVE-2021-0699, CVE-2021-0951, CVE-2022-20423

Medium: CVE-2021-39758, CVE-2022-20415, CVE-2022-25664, CVE-2022-25666, CVE-2022-20253, CVE-2022-20257, CVE-2022-20269, CVE-2022-20273, CVE-2022-20278, CVE-2022-20290, CVE-2022-20313, CVE-2022-20314, CVE-2022-20333, CVE-2022-20334

Low: none

Already included in previous updates: CVE-2022-20247, CVE-2022-20271, CVE-2022-20272, CVE-2022-20292, CVE-2022-20297, CVE-2022-20302, CVE-2022-20399, CVE-2021-0986

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-46851: Vulnerability of unstrict verification of the memory's security attribute in the DRM module

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability by attackers may cause the video playback to be abnormal.

CVE-2021-46852: Logic bypass vulnerability in the memory management module

Severity: Medium

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-44546: Vulnerability that the kernel module automatically frees the memory but does not clear the mapping

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause the system to restart.

CVE-2022-44547: UAF vulnerability in the Display Service module

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause Display Service to reset and restart.

CVE-2022-44548: Vulnerability of unstrict permission verification during Bluetooth pairing

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.

CVE-2022-44549: Geofencing API access vulnerability in the LBS module

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability may cause third-party apps to access the geofencing API without authorization, affecting user confidentiality.

CVE-2022-44550: UAF vulnerability when traversing layers in the graphics display module

Severity: High

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2022-44551: Thread security vulnerability in the iaware module

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

CVE-2022-44552: Vulnerability of defects being introduced in the design process in the lock screen module

Severity: Medium

Affected versions: EMUI11.0.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2022-44553: Vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability may cause third-party apps to be activated periodically.

CVE-2022-44554: Unstrict permission verification vulnerability in the power module

Severity: Medium

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause the status of a module to be abnormal.

CVE-2022-44555: Service hijacking vulnerability in the DDMP/ODMF module

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability may cause service unavailability.

CVE-2022-44556: Missing parameter type validation in the DRM module

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2022-44557: Vulnerability of obtaining the read and write permissions on arbitrary system files in the SmartTrimProcessEvent module

Severity: High

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-44558: Mismatch between serialization and deserialization in the AMS module

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-44559: Mismatch between serialization and deserialization in the AMS module

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-44560: Intent redirection vulnerability in the launcher module

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability may cause launcher module data to be modified.

CVE-2022-44561: Permission verification vulnerability in the preset launcher module

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability allows unauthorized apps to add arbitrary widgets and shortcuts without interaction.

CVE-2022-44562: Mismatch between serialization and deserialization at the system framework layer

Severity: Medium

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2022-44563: Race condition vulnerability in SD upgrade mode

Severity: High

Affected versions: EMUI12.0.1, EMUI12.0.0, EMUI11.0.1

Impact: Successful exploitation of this vulnerability will affect confidentiality.
