June

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the May 2023 Android security bulletin:

Critical: none

High: CVE-2023-21109, CVE-2023-20914, CVE-2023-21103, CVE-2023-21111, CVE-2023-21118, CVE-2023-21665, CVE-2023-21666, CVE-2022-46891, CVE-2021-0877

Medium: CVE-2023-21116

Low: none

Already included in previous updates: CVE-2023-21085, CVE-2023-20909, CVE-2023-20967, CVE-2023-21080, CVE-2023-21081, CVE-2023-21082, CVE-2023-21083, CVE-2023-21089, CVE-2023-21092, CVE-2023-21094, CVE-2023-21097, CVE-2023-21098, CVE-2023-21099, CVE-2023-20950

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-48486: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48487: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48488: Vulnerability of bypassing the default desktop security controls

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.

CVE-2022-48489: Configuration defects in the secure OS module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48490: Configuration defects in the secure OS module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48491: Vulnerability of missing authentication on certain HUAWEI phones

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.

CVE-2022-48492: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48493: Configuration defects in the secure OS module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48494: Vulnerability of lax app identity verification in the pre-authorization function

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2022-48495: Vulnerability of unauthorized access to foreground app information

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause foreground app information to be obtained.

CVE-2022-48496: Vulnerability of lax app identity verification in the pre-authorization function

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2022-48497: Configuration defects in the secure OS module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48498: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48499: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48500: Configuration defects in the secure OS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48501: Configuration defects in the secure OS module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-31226: Improper permission verification vulnerability in the SDK on which the MediaPlaybackController module depends

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-34155: Vulnerability of unauthorized calling on HUAWEI phones and tablets

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-34156: Vulnerability of services denied by early fingerprint APIs on HarmonyOS products

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause services to be denied.

CVE-2023-34158: Vulnerability of public APIs and methods in WindowManageServices being called by malicious third-party apps

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause unauthorized access by third-party apps.

CVE-2023-34159: Improper permission control vulnerability in the Notepad app

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.

CVE-2023-34160: Vulnerability of public APIs and methods in WindowManageServices being called by malicious third-party apps

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause unauthorized access by third-party apps.

CVE-2023-34161: Inappropriate authorization vulnerability in the SettingsProvider module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-34162: Version update determination vulnerability in the user profile module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.

CVE-2023-34163: Permission control vulnerability in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-34166: Vulnerability of system restart triggered by abnormal callbacks passed to APIs

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-34167: Vulnerability of spoofing trustlists of HUAWEI desktop

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.