September

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the August 2022 Android security bulletin:

Critical: none

High: CVE-2021-39696, CVE-2022-20344, CVE-2022-20346, CVE-2022-20347, CVE-2022-20348, CVE-2022-20349, CVE-2022-20350, CVE-2022-20355, CVE-2022-20358, CVE-2022-22080

Medium: CVE-2021-3609, CVE-2022-1055, CVE-2022-20158, CVE-2022-20368, CVE-2022-20371, CVE-2022-27666, CVE-2022-29581

Low: none

Already included in previous updates: CVE-2022-20219, CVE-2022-21744, CVE-2022-20083, CVE-2022-20126, CVE-2022-20133, CVE-2021-35102, CVE-2021-35120, CVE-2021-30318, CVE-2021-1942, CVE-2021-35104

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-40019: Out-of-bounds heap read vulnerability in the HW_KEYMASTER module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-40023: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40024: Information leakage vulnerability in the interface implementation of the WLAN module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-46836: Information leakage vulnerability in the interface implementation of the WLAN module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38978: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38979: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38987: Configuration defects in the secure OS module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-38988: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38989: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-38990: Configuration defects in the secure OS module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-38991: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38992: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38993: Configuration defects in the secure OS module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-38994: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38995: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-38996: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2022-38997: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-38999: Improper update of reference count vulnerability in the AOD module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect integrity, confidentiality, and availability.

CVE-2022-39000: Malicious app control vulnerability in the iAware module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

CVE-2022-39001: Path traversal vulnerability in the number identification module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will cause data leakage.

CVE-2022-39002: Double free vulnerability in the storage module

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will cause the memory to be freed twice.

CVE-2022-39003: Buffer overflow vulnerability in the video framework

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability will affect the confidentiality and integrity of trusted components.

CVE-2022-39004: Memory leak vulnerability in the MPTCP module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability can cause a memory leak.

CVE-2022-39005: Memory leak vulnerability in the MPTCP module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability can cause a memory leak.

CVE-2022-39006: Race condition vulnerability in the MPTCP module

Severity: Critical

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2022-39007: Permission verification bypass vulnerability in the Location module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may lead to privilege escalation.

CVE-2022-39008: Bundle serialization/deserialization mismatch vulnerability in the NFC module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause third-party apps to read and write arbitrary system app files.

CVE-2022-39009: Permission verification vulnerability in the WLAN module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions.

CVE-2022-39010: Permission control vulnerability in the HwChrService module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause third-party apps to obtain the user's network information.

CVE-2020-36600: Out-of-bounds write vulnerability in the power consumption module

Severity: High

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause the system to restart.

Acknowledgment: Wen Guanxing

CVE-2020-36601: Out-of-bounds write vulnerability in the kernel modules

Severity: Medium

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause a panic reboot.

Acknowledgment: Wen Guanxing