HUAWEI EMUI/Magic UI security updates February 2023
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following third-party library patches:
This security update includes the CVE announced in the January 2023 Android security bulletin:
Critical: CVE-2022-22088, CVE-2022-41674
High: CVE-2022-20456, CVE-2022-20461, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2022-20494, CVE-2023-20905, CVE-2023-20913, CVE-2023-20915, CVE-2023-20920, CVE-2023-20921, CVE-2022-33255, CVE-2022-32635
Medium: none
Low: none
Already included in previous updates: CVE-2022-20504, CVE-2022-20506, CVE-2022-20513, CVE-2022-20515, CVE-2022-20516, CVE-2022-20517, CVE-2022-20518, CVE-2022-20520, CVE-2022-20521, CVE-2022-20525, CVE-2022-20528, CVE-2022-20530, CVE-2022-20537, CVE-2022-20539, CVE-2022-20541, CVE-2022-20544, CVE-2022-20546, CVE-2022-20552, CVE-2022-42535, CVE-2022-42542, CVE-2022-20496, CVE-2022-20566, CVE-2021-39793
※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following HUAWEI patches:
CVE-2022-48286: Unauthorized access vulnerability in the multi-screen collaboration module
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48287: Logic bypass vulnerability in the HwContacts module
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability can affect integrity.
CVE-2022-48288: Lack of authentication and control for some APIs in the PackageManagerService module
Severity: Medium
Affected versions: EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48289: Lack of authentication and control for some APIs in the PackageManagerService module
Severity: Medium
Affected versions: EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48292: OOM vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48293: OOM vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48294: Improper authentification of the IHwAttestationService API
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48295: Improper authentification of the IHwAntiMalPlugin API
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability can cause fake malware installation.
CVE-2022-48296: Improper permission management vulnerability in the SystemUI module
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause users to receive misleading broadcasts from malicious apps, misleading them towards storage exceptions.
CVE-2022-48297: Vulnerability that the geo-fencing kernel code does not verify the length of the input data
Severity: Medium
Affected versions: EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2022-48298: Vulnerability that the geo-fencing kernel code does not verify the length of the input data
Severity: Medium
Affected versions: EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2022-48299: Improper API authentification in the WMS module
Severity: Medium
Affected versions: EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48300: Improper API authentification in the WMS module
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48301: API permission verification vulnerability in the app package management module
Severity: High
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may restore uninstalled pre-installed apps.
CVE-2022-48302: Improper API authentification in the AMS module
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
- en