August

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the July 2022 Android security bulletin:

Critical: CVE-2022-20222, CVE-2022-20229

High: CVE-2022-20221, CVE-2022-20223, CVE-2022-20224, CVE-2022-20225, CVE-2022-20226, CVE-2022-20228, CVE-2022-20230, CVE-2022-20220, CVE-2022-20227, CVE-2022-22058

Medium: none

Low: none

Already included in previous updates: CVE-2022-20124, CVE-2022-20129, CVE-2022-20138, CVE-2022-20144, CVE-2022-20194, CVE-2022-20198, CVE-2022-20209, CVE-2018-25020, CVE-2021-44733, CVE-2021-33034, CVE-2022-20154, CVE-2021-35073, CVE-2021-35076, CVE-2021-35086, CVE-2021-35096, CVE-2021-30340, CVE-2021-30343, CVE-2021-30347, CVE-2022-20123, CVE-2022-20127, CVE-2022-20131, CVE-2022-20147, CVE-2022-21745

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-40040: Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module

Severity: Critical

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40034: Memory overwriting vulnerability caused by addition overflow in the video framework

Severity: Critical

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2021-40030: Vulnerability of defects being introduced in the design process in the My HUAWEI app

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40012: Vulnerability of pointers being incorrectly used during data transmission in the video framework

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-37004: OOBE bypass vulnerability in Settings

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-37005: Argument injection vulnerability in Settings

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-46741: Vulnerability of defects being introduced in the design process in the basic framework and settings module

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability will affect integrity.

CVE-2022-37007: Out-of-bounds read vulnerability in the ChinaDRM module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-37008: Vulnerability of the update package not being verified before being used in the recovery module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect system stability.

CVE-2022-37002: Unauthorized access vulnerability in the SystemUI module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability can cause malicious applications to run or display pop-ups in the background.

CVE-2022-34742: Read/Write vulnerability in system components

Severity: High

Affected versions: EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-37003: Incorrect permission assignment vulnerability in the AOD lock screen module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will cause files in the directory to be read and written, resulting in privilege escalation.

CVE-2022-37006: Permission control vulnerability in the network module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.