February

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the January 2022 Android security bulletin:

Critical: none

High: CVE-2021-39620, CVE-2021-39623, CVE-2021-39629, CVE-2021-39632, CVE-2021-39659, CVE-2021-30353, CVE-2021-30319

Medium: CVE-2021-30313

Low: none

Already included in previous updates: CVE-2021-0956, CVE-2021-0769, CVE-2021-0978, CVE-2021-0979, CVE-2021-0981, CVE-2021-0993, CVE-2021-0996, CVE-2021-0997, CVE-2021-1001, CVE-2021-1002, CVE-2021-1003, CVE-2021-1016, CVE-2021-1017, CVE-2021-1018, CVE-2021-1019, CVE-2021-1023, CVE-2021-1025, CVE-2021-39657, CVE-2021-30262, CVE-2021-0675, CVE-2021-0961, CVE-2021-0922, CVE-2020-0347, CVE-2021-0717, CVE-2021-1030, CVE-2021-1031, CVE-2021-0977

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the CVE of other third-party library patches:

High: CVE-2021-3760, CVE-2021-32484, CVE-2021-32485, CVE-2021-32486, CVE-2021-32487

Medium: CVE-2021-0356, CVE-2021-0359, CVE-2021-0360, CVE-2021-0358, CVE-2021-0357

This security update includes the following HUAWEI patches:

CVE-2021-39992: Improper security permission configuration vulnerability on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-40015: Race condition vulnerability in the binder driver subsystem in the kernel

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect kernel stability.

CVE-2021-39997: Vulnerability of unstrict input parameter verification in the audio assembly

Severity: Critical

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-39994: Arbitrary address access vulnerability with the product line test code

Severity: Critical

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-40044: Permission verification vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause unauthorized operations.

CVE-2021-39991: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39986: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37115: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37109: Security protection bypass vulnerability with the modem

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause memory protection failure.

CVE-2021-40045: Vulnerability of signature verification mechanism failure in system upgrade through recovery mode

Severity: Critical

Affected versions: EMUI12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37107: Improper memory access permission configuration on ACPU

Severity: High

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.