August

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more
Consumer

Smartphones, Laptops & Tablets, Wearables and More

Corporate

About Huawei, Press&Event, and More

Enterprise

Products, Solutions and Services for Enterprise

Carrier

Products, Solutions and Services for Carrier

Popular Products
HUAWEI WATCH GT 5 Pro
HUAWEI WATCH Ultimate
HUAWEI MatePad Pro 12.2-inch
Quick View
Smartphone
Wearable
PC
Tablet
Audio
Router
HUAWEI Mobile Services
enter more search keys

HUAWEI EMUI/Magic UI security updates August 2022

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the July 2022 Android security bulletin:

Critical: CVE-2022-20222, CVE-2022-20229

High: CVE-2022-20221, CVE-2022-20223, CVE-2022-20224, CVE-2022-20225, CVE-2022-20226, CVE-2022-20228, CVE-2022-20230, CVE-2022-20220, CVE-2022-20227, CVE-2022-22058

Medium: none

Low: none

Already included in previous updates: CVE-2022-20124, CVE-2022-20129, CVE-2022-20138, CVE-2022-20144, CVE-2022-20194, CVE-2022-20198, CVE-2022-20209, CVE-2018-25020, CVE-2021-44733, CVE-2021-33034, CVE-2022-20154, CVE-2021-35073, CVE-2021-35076, CVE-2021-35086, CVE-2021-35096, CVE-2021-30340, CVE-2021-30343, CVE-2021-30347, CVE-2022-20123, CVE-2022-20127, CVE-2022-20131, CVE-2022-20147, CVE-2022-21745

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-40040: Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module

Severity: Critical

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40034: Memory overwriting vulnerability caused by addition overflow in the video framework

Severity: Critical

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2021-40030: Vulnerability of defects being introduced in the design process in the My HUAWEI app

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40012: Vulnerability of pointers being incorrectly used during data transmission in the video framework

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-37004: OOBE bypass vulnerability in Settings

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-37005: Argument injection vulnerability in Settings

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-46741: Vulnerability of defects being introduced in the design process in the basic framework and settings module

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability will affect integrity.

CVE-2022-37007: Out-of-bounds read vulnerability in the ChinaDRM module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-37008: Vulnerability of the update package not being verified before used in the recovery module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect system stability.

CVE-2022-37002: Unauthorized access vulnerability in the SystemUI module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability can cause malicious applications to run or display pop-ups in the background.

CVE-2022-34742: Read/Write vulnerability in system components

Severity: High

Affected versions: EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-37003: Incorrect permission assignment vulnerability in the AOD lock screen module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will cause files in the directory to be read and written, resulting in privilege escalation.

CVE-2022-37006: Permission control vulnerability in the network module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue