May

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the April 2023 Android security bulletin:

Critical: none

High: CVE-2022-40503, CVE-2022-36449, CVE-2022-38181, CVE-2022-41757, CVE-2022-42716, CVE-2021-0872, CVE-2021-0873, CVE-2021-0874, CVE-2021-0875, CVE-2021-0876, CVE-2021-0878, CVE-2021-0879, CVE-2021-0880, CVE-2021-0881, CVE-2021-0882, CVE-2021-0883, CVE-2021-0884, CVE-2021-0885, CVE-2023-20941

Medium: CVE-2023-0266

Low: none

Already included in previous updates: CVE-2023-20906, CVE-2023-20951, CVE-2023-20952, CVE-2023-20954, CVE-2023-20955, CVE-2022-25712, CVE-2022-33245, CVE-2023-21065, CVE-2023-21019, CVE-2023-21018, CVE-2022-20532, CVE-2022-20542, CVE-2023-20996, CVE-2023-20997, CVE-2023-20998, CVE-2023-20999, CVE-2023-21034, CVE-2023-21016, CVE-2023-21024, CVE-2023-21020, CVE-2023-21021, CVE-2023-20994, CVE-2023-21025, CVE-2023-21032

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-46881: Memory overwriting vulnerability caused by addition overflow in the video framework

Severity: Critical

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2021-46882: Memory overwriting vulnerability caused by addition overflow in the video framework

Severity: Critical

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2021-46883: Memory overwriting vulnerability caused by addition overflow in the video framework

Severity: Critical

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2021-46884: Memory overwriting vulnerability caused by addition overflow in the video framework

Severity: Critical

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2021-46885: Memory overwriting vulnerability caused by addition overflow in the video framework

Severity: High

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2021-46886: Memory overwriting vulnerability caused by addition overflow in the video framework

Severity: High

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0

Impact: Successful exploitation of this vulnerability can affect availability.

CVE-2021-46887: Lack of length check vulnerability in the HW_KEYMASTER module

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2022-48480: Integer overflow vulnerability in some phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-0116: Vulnerability of missing authentication for some received broadcasts in the reminder module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-0117: Vulnerability of unstrict app identity verification in the online authentication function of the hwKitAssistant module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect the availability of some features, such as MeeTime.

CVE-2023-31225: Service hijacking vulnerability in the Gallery app

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Attackers can use malicious apps to spoof services, which may cause download failures and affect availability.

CVE-2023-31226: Improper permission verification vulnerability in the SDK on which the MediaPlaybackController module depends

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-31227: Vulnerability of missing API calling verification in the hwPartsDFR module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Attackers can exploit this vulnerability by using reflection for API calling, affecting device confidentiality.
