July

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the June 2023 Android security bulletin:

Critical: CVE-2023-21108, CVE-2023-21127

High: CVE-2023-21129, CVE-2023-21131, CVE-2023-21136, CVE-2023-21137, CVE-2023-21143, CVE-2023-21144, CVE-2023-21135, CVE-2023-21124, CVE-2023-21121, CVE-2023-21138, CVE-2023-21115, CVE-2023-21657, CVE-2022-28349, CVE-2021-0701, CVE-2021-0945, CVE-2023-21656, CVE-2023-21669

Medium: none

Low: none

Already included in previous updates: none

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-40014: Information management error vulnerability in the bone voice ID TA

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40027: Vulnerability of buffer length calculation error in the bone voice ID TA

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40032: Information management error vulnerability in the bone voice ID TA

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-46890: Vulnerability of incomplete read and write permission verification in the GPU module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46891: Vulnerability of incomplete read and write permission verification in the GPU module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46892: Encryption bypass vulnerability in Maintenance mode

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-46893: Vulnerability of unstrict data verification and parameter check

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect integrity.

CVE-2021-46894: Use After Free (UAF) vulnerability in the uinput module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may lead to kernel privilege escalation.

CVE-2022-48507: Vulnerability of identity verification being bypassed in the storage module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48508: Inappropriate authorization vulnerability in the system apps

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2022-48509: Race condition vulnerability due to multi-thread access to mutually exclusive resources in HUAWEI Share

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause the program to exit abnormally.

CVE-2022-48510: Input verification vulnerability in the AMS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause unauthorized operations.

CVE-2022-48511: Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause audio features to perform abnormally.

CVE-2022-48512: Use After Free (UAF) vulnerability in the Vdecoderservice service

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

CVE-2022-48513: Vulnerability of identity verification being bypassed in the Gallery module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2022-48515: Vulnerability of inappropriate permission control in Nearby

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48516: Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-48517: Unauthorized service access vulnerability in the DSoftBus module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48518: Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

CVE-2022-48519: Unauthorized access vulnerability in the SystemUI module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48520: Unauthorized access vulnerability in the SystemUI module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-1691: Vulnerability of failures to capture exceptions in the communication framework

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-1695: Vulnerability of failures to capture exceptions in the communication framework

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-34164: Vulnerability of incomplete input parameter verification in the communication framework module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-3455: Key management vulnerability in the system

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-3456: Vulnerability of kernel raw address leakage in the hang detector module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-37238: Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect some wireless projection features.

CVE-2023-37239: String formatting vulnerability in the distributed file system

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Attackers who bypass the SELinux permission can exploit this vulnerability to crash the program.

CVE-2023-37240: Vulnerability of input length not verified in the distributed file system

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2023-37241: Input verification vulnerability in the WMS API

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-37242: Vulnerability of commands from the modem being intercepted in the atcmdserver module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.

Acknowledgment: Mateo De la Hoz, from Skidbladnir Security Labs

CVE-2023-37245: Buffer overflow vulnerability in the modem pinctrl module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect the integrity and availability of the modem.
