HUAWEI EMUI/Magic UI security updates August 2023
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following third-party library patches:
This security update includes the CVE announced in the July 2023 Android security bulletin:
Critical: CVE-2023-21250
High: CVE-2022-27405, CVE-2022-27406, CVE-2023-20918, CVE-2023-21145, CVE-2023-21238, CVE-2023-21246, CVE-2023-21241, CVE-2022-42703, CVE-2021-0948, CVE-2023-22386, CVE-2023-28541, CVE-2023-28542
Medium: none
Low: none
Already included in previous updates: CVE-2022-20199, CVE-2023-21180, CVE-2023-21168, CVE-2023-21193, CVE-2023-21167, CVE-2023-21172, CVE-2023-21173, CVE-2023-21175, CVE-2023-20973, CVE-2023-20974, CVE-2023-20977, CVE-2023-20979, CVE-2023-20980, CVE-2023-20981, CVE-2023-20982, CVE-2023-20983, CVE-2023-20985, CVE-2023-20986, CVE-2023-20987, CVE-2023-20988, CVE-2023-20989, CVE-2023-20990, CVE-2023-21196, CVE-2023-21199, CVE-2023-21201, CVE-2023-21202, CVE-2023-21185
※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following HUAWEI patches:
CVE-2021-40006: Vulnerability of design defects in the security algorithm component
Severity: High
Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-46895: Vulnerability of defects introduced in the design process in the Multi-Device Task Center
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.
CVE-2023-39380: Permission control vulnerability in the audio module
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may cause audio devices to perform abnormally.
CVE-2023-39381: Input verification vulnerability in the storage module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-39382: Input verification vulnerability in the audio module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.
CVE-2023-39383: Vulnerability of input parameters being not strictly verified in the AMS module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may compromise apps' data security.
CVE-2023-39384: Vulnerability of incomplete permission verification in the input method module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-39385: Vulnerability of configuration defects in the media module of certain products.
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may cause unauthorized access.
CVE-2023-39386: Vulnerability of input parameters being not strictly verified in the PMS module
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.
CVE-2023-39387: Vulnerability of permission control in the window management module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause malicious pop-up windows.
CVE-2023-39388: Vulnerability of input parameters being not strictly verified in the PMS module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause home screen unavailability.
CVE-2023-39389: Vulnerability of input parameters being not strictly verified in the PMS module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause home screen unavailability.
CVE-2023-39390: Vulnerability of input parameter verification in certain APIs in the window management module
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-39391: Vulnerability of system file information leakage in the USB Service module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2023-39392: Vulnerability of insecure signatures in the OsuLogin module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.
CVE-2023-39393: Vulnerability of insecure signatures in the ServiceWifiResources module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.
CVE-2023-39394: Vulnerability of API privilege escalation in the wifienhance module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may cause the arp list to be modified.
CVE-2023-39395: Mismatch vulnerability in the serialization process in the communication system
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2023-39396: Deserialization vulnerability in the input module
Severity: High
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2023-39397: Input parameter verification vulnerability in the communication system
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2023-39398: Parameter verification vulnerability in the installd module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39399: Parameter verification vulnerability in the installd module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39400: Parameter verification vulnerability in the installd module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39401: Parameter verification vulnerability in the installd module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39402: Parameter verification vulnerability in the installd module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39403: Parameter verification vulnerability in the installd module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.
CVE-2023-39404: Vulnerability of input parameter verification in certain APIs in the window management module
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-39405: Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.
CVE-2023-39406: Permission control vulnerability in the XLayout component
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may cause apps to forcibly restart.
- en