April

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more
Consumer

Smartphones, Laptops & Tablets, Wearables and More

Corporate

About Huawei, Press&Event, and More

Enterprise

Products, Solutions and Services for Enterprise

Carrier

Products, Solutions and Services for Carrier

Popular Products
HUAWEI Mate X6
HUAWEI nova 13 Pro
HUAWEI FreeBuds Pro 4
Quick View
Smartphone
Wearable
PC
Tablet
Audio
Router
HUAWEI Mobile Services
enter more search keys

HUAWEI EMUI/Magic UI security updates April 2022

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the March 2022 Android security bulletin:

Critical: none

High: CVE-2021-39667, CVE-2021-39692, CVE-2021-39695, CVE-2021-39697, CVE-2021-39703, CVE-2021-39704, CVE-2021-39706, CVE-2021-39707, CVE-2021-39686, CVE-2021-35105, CVE-2022-20053, CVE-2021-39698, CVE-2021-39685, CVE-2021-3655, CVE-2021-35088, CVE-2021-35103, CVE-2021-35106, CVE-2021-35117

Medium: CVE-2021-30299, CVE-2021-33624, CVE-2021-37159, CVE-2021-39711, CVE-2021-39714, CVE-2021-39792, CVE-2021-41864, CVE-2021-43975, CVE-2021-22600

Low: none

Already included in previous updates: CVE-2021-40490, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890, CVE-2021-40148, CVE-2021-0987, CVE-2021-1005, CVE-2021-1014, CVE-2021-1015

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-22258: Event notification vulnerability in the Wi-Fi module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause third-party apps to intercept and add information and result in elevation-of-privilege.

CVE-2022-22257: Vulnerability of improper permission control in the customization framework

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect integrity.

CVE-2022-22256: Vulnerability of improper access control in the DFX module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-22255: Common DoS vulnerability in the application framework

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2022-22254: Permission bypass vulnerability when the CAs in the NFC module accesses the TEE

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-22253: Vulnerability of improper validation of integrity check values in the DFX module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22252: UAF vulnerability in the DFX module

Severity: Critical

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect system stability.

CVE-2021-46742: Unauthorized insertion and tampering of settings secure data in the multi-window module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2021-46740: Vulnerability of defects being introduced in the design process in the device authentication service module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40065: Service logic error vulnerability in the communication module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue