February

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the January 2023 Android security bulletin:

Critical: CVE-2022-22088, CVE-2022-41674

High: CVE-2022-20456, CVE-2022-20461, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2022-20494, CVE-2023-20905, CVE-2023-20913, CVE-2023-20915, CVE-2023-20920, CVE-2023-20921, CVE-2022-33255, CVE-2022-32635

Medium: none

Low: none

Already included in previous updates: CVE-2022-20504, CVE-2022-20506, CVE-2022-20513, CVE-2022-20515, CVE-2022-20516, CVE-2022-20517, CVE-2022-20518, CVE-2022-20520, CVE-2022-20521, CVE-2022-20525, CVE-2022-20528, CVE-2022-20530, CVE-2022-20537, CVE-2022-20539, CVE-2022-20541, CVE-2022-20544, CVE-2022-20546, CVE-2022-20552, CVE-2022-42535, CVE-2022-42542, CVE-2022-20496, CVE-2022-20566, CVE-2021-39793

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-48286: Unauthorized access vulnerability in the multi-screen collaboration module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48287: Logic bypass vulnerability in the HwContacts module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can affect integrity.

CVE-2022-48288: Lack of authentication and control for some APIs in the PackageManagerService module

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48289: Lack of authentication and control for some APIs in the PackageManagerService module

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48292: OOM vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48293: OOM vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48294: Improper authentification of the IHwAttestationService API

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48295: Improper authentification of the IHwAntiMalPlugin API

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can cause fake malware installation.

CVE-2022-48296: Improper permission management vulnerability in the SystemUI module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause users to receive misleading broadcasts from malicious apps, misleading them towards storage exceptions.

CVE-2022-48297: Vulnerability that the geo-fencing kernel code does not verify the length of the input data

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-48298: Vulnerability that the geo-fencing kernel code does not verify the length of the input data

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-48299: Improper API authentification in the WMS module

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48300: Improper API authentification in the WMS module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48301: API permission verification vulnerability in the app package management module

Severity: High

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may restore uninstalled pre-installed apps.

CVE-2022-48302: Improper API authentification in the AMS module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue