HUAWEI EMUI/Magic UI security updates March 2023
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.
This security update includes the following third-party library patches:
This security update includes the CVEs announced in the February 2023 Android security bulletin:
Critical: CVE-2022-33243
High: CVE-2022-20455, CVE-2022-20481, CVE-2022-43680, CVE-2023-20932, CVE-2023-20933, CVE-2023-20939, CVE-2023-20943, CVE-2023-20944, CVE-2023-20945, CVE-2023-20946, CVE-2022-39842, CVE-2022-0850, CVE-2023-20602
Medium: CVE-2022-25711
Low: none
Already included in previous updates: CVE-2023-20908, CVE-2022-42544, CVE-2022-20199, CVE-2022-20555
※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following HUAWEI patches:
CVE-2022-46315: Vulnerability of defects introduced in the design process in the Profile SDK
Severity: Medium
Affected versions: EMUI 12.0.1, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2022-48291: Pairing authentication bypass vulnerability in the Bluetooth module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability can affect confidentiality.
CVE-2022-48346: Logic bypass vulnerability in the HwContacts module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48347: Unstrict permission verification vulnerability in the MediaProvider module
Severity: High
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48348: Unauthorized read vulnerability in the MediaProvider module
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality.
CVE-2022-48349: Spoofing vulnerability in control components
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2022-48350: Unauthorized file access vulnerability in the HUAWEI Messaging app
Severity: High
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48351: Configuration defects in the secure OS module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2022-48352: Data initialization issues on certain phones
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability can cause system panic.
CVE-2022-48353: Configuration issues on certain phones
Severity: Critical
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability can cause unauthorized kernel access, resulting in system service exceptions.
Acknowledgment: Wen Guanxing
CVE-2022-48354: Heap out-of-bounds write vulnerability in the Bluetooth module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability can cause Bluetooth crashes.
CVE-2022-48355: Heap out-of-bounds write vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability can cause Bluetooth crashes.
CVE-2022-48356: Unstrict input parameter verification vulnerability in the facial recognition module
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability can cause facial recognition to be unavailable.
CVE-2022-48357: Double Fetch vulnerability in some products
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause kernel DoS.
CVE-2022-48358: Abnormal redirection vulnerability in BatteryHealthActivity
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability by a malicious app can cause service exceptions.
CVE-2022-48359: Arbitrary disk modification vulnerability in the recovery mode
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48360: File permission control defects in the facial recognition module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-48361: AOD theme file path traversal vulnerability
Severity: High
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may cause AOD theme resources to fail to be read.
CVE-2023-26547: Vulnerability of serialization/deserialization mismatch in the InputMethod module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may lead to privilege escalation.
CVE-2023-26548: Serialization/Deserialization mismatch vulnerability in the pgmng module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2023-26549: Vulnerability of repeated app restart due to improper parameters in the SystemUI module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.