July

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the June 2023 Android security bulletin:

Critical: CVE-2023-21108, CVE-2023-21127

High: CVE-2023-21129, CVE-2023-21131, CVE-2023-21136, CVE-2023-21137, CVE-2023-21143, CVE-2023-21144, CVE-2023-21135, CVE-2023-21124, CVE-2023-21121, CVE-2023-21138, CVE-2023-21115, CVE-2023-21657, CVE-2022-28349, CVE-2021-0701, CVE-2021-0945, CVE-2023-21656, CVE-2023-21669

Medium: none

Low: none

Already included in previous updates: none

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-40014: Information management error vulnerability in the bone voice ID TA

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40027: Vulnerability of buffer length calculation error in the bone voice ID TA

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-40032: Information management error vulnerability in the bone voice ID TA

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2021-46890: Vulnerability of incomplete read and write permission verification in the GPU module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46891: Vulnerability of incomplete read and write permission verification in the GPU module

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-46892: Encryption bypass vulnerability in Maintenance mode

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-46893: Vulnerability of unstrict data verification and parameter check

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect integrity.

CVE-2021-46894: Use After Free (UAF) vulnerability in the uinput module

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may lead to kernel privilege escalation.

CVE-2022-48507: Vulnerability of identity verification being bypassed in the storage module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48508: Inappropriate authorization vulnerability in the system apps

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2022-48509: Race condition vulnerability due to multi-thread access to mutually exclusive resources in HUAWEI Share

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause the program to exit abnormally.

CVE-2022-48510: Input verification vulnerability in the AMS module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause unauthorized operations.

CVE-2022-48511: Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause audio features to perform abnormally.

CVE-2022-48512: Use After Free (UAF) vulnerability in the Vdecoderservice service

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.

CVE-2022-48513: Vulnerability of identity verification being bypassed in the Gallery module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2022-48515: Vulnerability of inappropriate permission control in Nearby

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2022-48516: Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect confidentiality.

CVE-2022-48517: Unauthorized service access vulnerability in the DSoftBus module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-48518: Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

CVE-2022-48519: Unauthorized access vulnerability in the SystemUI module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48520: Unauthorized access vulnerability in the SystemUI module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-1691: Vulnerability of failures to capture exceptions in the communication framework

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-1695: Vulnerability of failures to capture exceptions in the communication framework

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-34164: Vulnerability of incomplete input parameter verification in the communication framework module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-3455: Key management vulnerability in the system

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-3456: Vulnerability of kernel raw address leakage in the hang detector module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-37238: Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect some wireless projection features.

CVE-2023-37239: String formatting vulnerability in the distributed file system

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Attackers who bypass the SELinux permission can exploit this vulnerability to crash the program.

CVE-2023-37240: Vulnerability of input length not verified in the distributed file system

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2023-37241: Input verification vulnerability in the WMS API

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-37242: Vulnerability of commands from the modem being intercepted in the atcmdserver module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.

Acknowledgment: Mateo De la Hoz, from Skidbladnir Security Labs

CVE-2023-37245: Buffer overflow vulnerability in the modem pinctrl module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect the integrity and availability of the modem.
