August

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the July 2023 Android security bulletin:

Critical: CVE-2023-21250

High: CVE-2022-27405, CVE-2022-27406, CVE-2023-20918, CVE-2023-21145, CVE-2023-21238, CVE-2023-21246, CVE-2023-21241, CVE-2022-42703, CVE-2021-0948, CVE-2023-22386, CVE-2023-28541, CVE-2023-28542

Medium: none

Low: none

Already included in previous updates: CVE-2022-20199, CVE-2023-21180, CVE-2023-21168, CVE-2023-21193, CVE-2023-21167, CVE-2023-21172, CVE-2023-21173, CVE-2023-21175, CVE-2023-20973, CVE-2023-20974, CVE-2023-20977, CVE-2023-20979, CVE-2023-20980, CVE-2023-20981, CVE-2023-20982, CVE-2023-20983, CVE-2023-20985, CVE-2023-20986, CVE-2023-20987, CVE-2023-20988, CVE-2023-20989, CVE-2023-20990, CVE-2023-21196, CVE-2023-21199, CVE-2023-21201, CVE-2023-21202, CVE-2023-21185

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-40006: Vulnerability of design defects in the security algorithm component

Severity: High

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-46895: Vulnerability of defects introduced in the design process in the Multi-Device Task Center

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.

CVE-2023-39380: Permission control vulnerability in the audio module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause audio devices to perform abnormally.

CVE-2023-39381: Input verification vulnerability in the storage module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-39382: Input verification vulnerability in the audio module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.

CVE-2023-39383: Vulnerability of input parameters being not strictly verified in the AMS module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may compromise apps' data security.

CVE-2023-39384: Vulnerability of incomplete permission verification in the input method module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-39385: Vulnerability of configuration defects in the media module of certain products.

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause unauthorized access.

CVE-2023-39386: Vulnerability of input parameters being not strictly verified in the PMS module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.

CVE-2023-39387: Vulnerability of permission control in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause malicious pop-up windows.

CVE-2023-39388: Vulnerability of input parameters being not strictly verified in the PMS module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause home screen unavailability.

CVE-2023-39389: Vulnerability of input parameters being not strictly verified in the PMS module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause home screen unavailability.

CVE-2023-39390: Vulnerability of input parameter verification in certain APIs in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-39391: Vulnerability of system file information leakage in the USB Service module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-39392: Vulnerability of insecure signatures in the OsuLogin module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.

CVE-2023-39393: Vulnerability of insecure signatures in the ServiceWifiResources module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.

CVE-2023-39394: Vulnerability of API privilege escalation in the wifienhance module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause the arp list to be modified.

CVE-2023-39395: Mismatch vulnerability in the serialization process in the communication system

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-39396: Deserialization vulnerability in the input module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-39397: Input parameter verification vulnerability in the communication system

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-39398: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39399: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39400: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39401: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39402: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39403: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39404: Vulnerability of input parameter verification in certain APIs in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-39405: Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.

CVE-2023-39406: Permission control vulnerability in the XLayout component

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause apps to forcibly restart.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue