June

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the May 2022 Android security bulletin:

Critical: none

High: CVE-2021-39670, CVE-2022-20004, CVE-2022-20005, CVE-2022-20011, CVE-2022-20112, CVE-2021-39662, CVE-2022-20114, CVE-2022-22057, CVE-2021-4083, CVE-2022-22068, CVE-2022-20009, CVE-2022-0847, CVE-2022-20008, CVE-2022-22064, CVE-2022-22065

Medium: CVE-2021-39700, CVE-2021-35098, CVE-2021-35084, CVE-2021-35085

Low: none

Already included in previous updates: CVE-2021-25477, CVE-2021-0796, CVE-2021-39772, CVE-2021-39791, CVE-2021-30351, CVE-2021-30308, CVE-2021-30314, CVE-2021-30309, CVE-2021-30317, CVE-2021-30322, CVE-2021-30326, CVE-2021-30328, CVE-2021-30329, CVE-2021-30331, CVE-2021-30332, CVE-2021-30333

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-46812: Device manager vulnerability in the multi-device task center

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability can affect integrity.

CVE-2021-46811: Improper permission management vulnerability in the HwSEServiceAPP module

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to the acquisition of CPLC information.

CVE-2021-40021: Out-of-bounds memory write in the eID module

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40022: Missing parameter type validation in the weaver module

Severity: Critical

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40014: Information management error vulnerability in the bone voice ID TA

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40006: Security risk of brute force cracking in the fingerprint sensor module

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-31751: Multi-thread competition for resources in the kernel emcom module

Severity: Critical

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2022-31757: Interface misuse vulnerability in the Settings module

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-31763: Null pointer and out-of-bounds array vulnerabilities in the kernel module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2022-31760: Dialog box being displayed when the screen is locked in the carrier-customized USSD service

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2022-31758: Race condition vulnerability in the kernel module

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-46814: Out-of-bounds memory read and write vulnerability in the video framework

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2022-31753: Vulnerability of using externally-controlled format strings in the voice wakeup module

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2022-31754: Logical defects in code implementation in some products

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect the availability of some features.

CVE-2021-46813: Vulnerability of residual files not being deleted after an update in the ChinaDRM module

Severity: Critical

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

Acknowledgment: Wen Guanxing

CVE-2021-46789: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2022-31761: Configuration defects in the secure OS module

Severity: High

Affected versions: EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-29793: Configuration defects in the activation lock of the mobile phone

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, Magic UI 3.1.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2022-31755: Improper preservation of permissions vulnerability in the communications module

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2022-31759: Uninitialized pointer access vulnerability in the AppLink

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2022-31762: Input verification vulnerability in the AMS module

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will cause unauthorized operations.

CVE-2022-31752: Missing authorization vulnerability in the system components

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-31756: Design defects in the fingerprint sensor module

Severity: High

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.