August

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the July 2023 Android security bulletin:

Critical: CVE-2023-21250

High: CVE-2022-27405, CVE-2022-27406, CVE-2023-20918, CVE-2023-21145, CVE-2023-21238, CVE-2023-21246, CVE-2023-21241, CVE-2022-42703, CVE-2021-0948, CVE-2023-22386, CVE-2023-28541, CVE-2023-28542

Medium: none

Low: none

Already included in previous updates: CVE-2022-20199, CVE-2023-21180, CVE-2023-21168, CVE-2023-21193, CVE-2023-21167, CVE-2023-21172, CVE-2023-21173, CVE-2023-21175, CVE-2023-20973, CVE-2023-20974, CVE-2023-20977, CVE-2023-20979, CVE-2023-20980, CVE-2023-20981, CVE-2023-20982, CVE-2023-20983, CVE-2023-20985, CVE-2023-20986, CVE-2023-20987, CVE-2023-20988, CVE-2023-20989, CVE-2023-20990, CVE-2023-21196, CVE-2023-21199, CVE-2023-21201, CVE-2023-21202, CVE-2023-21185

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-40006: Vulnerability of design defects in the security algorithm component

Severity: High

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-46895: Vulnerability of defects introduced in the design process in the Multi-Device Task Center

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.

CVE-2023-39380: Permission control vulnerability in the audio module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause audio devices to perform abnormally.

CVE-2023-39381: Input verification vulnerability in the storage module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-39382: Input verification vulnerability in the audio module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause virtual machines (VMs) to restart.

CVE-2023-39383: Vulnerability of input parameters being not strictly verified in the AMS module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may compromise apps' data security.

CVE-2023-39384: Vulnerability of incomplete permission verification in the input method module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-39385: Vulnerability of configuration defects in the media module of certain products.

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause unauthorized access.

CVE-2023-39386: Vulnerability of input parameters being not strictly verified in the PMS module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause newly installed apps to fail to restart.

CVE-2023-39387: Vulnerability of permission control in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause malicious pop-up windows.

CVE-2023-39388: Vulnerability of input parameters being not strictly verified in the PMS module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause home screen unavailability.

CVE-2023-39389: Vulnerability of input parameters being not strictly verified in the PMS module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause home screen unavailability.

CVE-2023-39390: Vulnerability of input parameter verification in certain APIs in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-39391: Vulnerability of system file information leakage in the USB Service module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-39392: Vulnerability of insecure signatures in the OsuLogin module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.

CVE-2023-39393: Vulnerability of insecure signatures in the ServiceWifiResources module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten.

CVE-2023-39394: Vulnerability of API privilege escalation in the wifienhance module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause the arp list to be modified.

CVE-2023-39395: Mismatch vulnerability in the serialization process in the communication system

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-39396: Deserialization vulnerability in the input module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-39397: Input parameter verification vulnerability in the communication system

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-39398: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39399: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39400: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39401: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39402: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39403: Parameter verification vulnerability in the installd module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVE-2023-39404: Vulnerability of input parameter verification in certain APIs in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart.

CVE-2023-39405: Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges.

CVE-2023-39406: Permission control vulnerability in the XLayout component

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause apps to forcibly restart.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue