December

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more
For a better user experience, please use the latest version of Internet Explorer or switch to another browser.
Consumer

Smartphones, Laptops & Tablets, Wearables and More

Corporate

About Huawei, Press&Event, and More

Enterprise

Products, Solutions and Services for Enterprise

Carrier

Products, Solutions and Services for Carrier

Popular Products
HUAWEI Pura 70 Ultra
HUAWEI Pura 70 Pro
HUAWEI Pura 70
Quick View
Smartphone
PC
Tablet
Wearable
Audio
Router
HUAWEI Mobile Services
enter more search keys

HUAWEI EMUI/Magic UI security updates December 2023

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the November 2023 Android security bulletin:

Critical: none

High: CVE-2023-40104, CVE-2023-40111, CVE-2023-40112, CVE-2023-40110, CVE-2023-40114, CVE-2023-40105, CVE-2023-40106, CVE-2023-40109, CVE-2023-40115, CVE-2023-40100, CVE-2023-33031, CVE-2023-33055, CVE-2023-33059

Medium: CVE-2023-28572, CVE-2023-28553

Low: none

Already included in previous updates: CVE-2022-29824, CVE-2023-21253, CVE-2021-44828, CVE-2022-28348, CVE-2023-33200, CVE-2023-4211, CVE-2023-21237, CVE-2022-20264, CVE-2022-27404, CVE-2023-21295, CVE-2023-21308, CVE-2023-21311, CVE-2023-21319, CVE-2023-21320, CVE-2023-21326, CVE-2023-21331, CVE-2023-21344, CVE-2023-21346, CVE-2023-21348, CVE-2023-21349, CVE-2023-21355, CVE-2023-21369, CVE-2023-21372, CVE-2023-21388

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2023-44099: Vulnerability of data verification errors in the kernel module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause WLAN interruption.

CVE-2023-44113: Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46773: Permission management vulnerability in the PMS module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2023-49239: Unauthorized access vulnerability in the card management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49240: Unauthorized access vulnerability in the launcher module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49241: API permission control vulnerability in the network management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49242: Free broadcast vulnerability in the running management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49243: Vulnerability of unauthorized access to email attachments in the email module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49244: Permission management vulnerability in the multi-user module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49245: Unauthorized access vulnerability in the HUAWEI Share module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49246: Unauthorized access vulnerability in the card management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49247: Permission verification vulnerability in distributed scenarios

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49248: Vulnerability of unauthorized file access in the Settings app

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause unauthorized file access.

CVE-2023-6273: Permission management vulnerability in the module for disabling Sound Booster

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue