October

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the September 2023 Android security bulletin:

Critical: CVE-2023-35658, CVE-2023-35673

High: CVE-2023-35679, CVE-2023-35687, CVE-2023-35669, CVE-2023-35667, CVE-2023-35677, CVE-2023-35666, CVE-2023-35684, CVE-2023-28584

Medium: none

Low: none

Already included in previous updates: CVE-2023-21284, CVE-2020-29374, CVE-2023-21251, CVE-2023-20942, CVE-2023-21189

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following CVE from other third-party library patches:

Critical: CVE-2023-4863

This security update includes the following HUAWEI patches:

CVE-2023-41295: Vulnerability of improper permission management in the displayengine module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause the screen to turn dim.

CVE-2023-41304: Parameter verification vulnerability in the window module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.

CVE-2023-44093: Vulnerability of package names' public keys not being verified in the security module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44094: Type confusion vulnerability in the distributed file module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44095: Use-After-Free (UAF) vulnerability in the surfaceflinger module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability can cause a system crash.

CVE-2023-44096: Vulnerability of brute-force attacks on the device authentication module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44097: Vulnerability of the permission to access device SNs being improperly managed

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44100: Broadcast permission control vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44102: Broadcast permission control vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.

CVE-2023-44103: Out-of-bounds read vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44104: Broadcast permission control vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44105: Vulnerability of permissions not being strictly verified in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44106: API permission management vulnerability in the Fwk-Display module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-44108: Type confusion vulnerability in the distributed file module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-44109: Clone vulnerability in the huks ta module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44110: Out-of-bounds access vulnerability in the audio module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-44111: Vulnerability of brute-force attacks on the device authentication module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44114: Out-of-bounds array vulnerability in the dataipa module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44116: Vulnerability of access permissions not being strictly verified in the APPWidget module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVE-2023-44118: Vulnerability of undefined permissions in the MeeTime module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-44119: Vulnerability of mutual exclusion management in the kernel module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect availability.
