September

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more
Consumer

Smartphones, Laptops & Tablets, Wearables and More

Corporate

About Huawei, Press&Event, and More

Enterprise

Products, Solutions and Services for Enterprise

Carrier

Products, Solutions and Services for Carrier

Popular Products
HUAWEI WATCH GT 5 Pro
HUAWEI WATCH Ultimate
HUAWEI MatePad Pro 12.2-inch
Quick View
Smartphone
Wearable
PC
Tablet
Audio
Router
HUAWEI Mobile Services
enter more search keys

HUAWEI EMUI/Magic UI security updates September 2023

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the August 2023 Android security bulletin:

Critical: CVE-2023-21282, CVE-2023-21273

High: CVE-2023-21287, CVE-2023-21267, CVE-2023-21285, CVE-2023-21286, CVE-2023-21288, CVE-2023-21292, CVE-2023-21283, CVE-2023-21272, CVE-2023-21275, CVE-2023-21268, CVE-2023-21290, CVE-2023-21265

Medium: CVE-2023-21649

Low: none

Already included in previous updates: CVE-2023-21240, CVE-2023-21192, CVE-2023-21187

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-46316: Input verification vulnerability in the fingerprint module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.

CVE-2022-48606: Stability-related vulnerability in the binder background management and control module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-39408: DoS vulnerability in the PMS module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-39409: DoS vulnerability in the PMS module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-41293: Data security classification vulnerability in the DDMP module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41296: Vulnerability of missing authorization in the kernel module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality.

CVE-2023-41297: Vulnerability of defects introduced in the design process in the HiviewTunner module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause service hijacking.

CVE-2023-41298: Vulnerability of permission control in the window module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41299: DoS vulnerability in the PMS module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-41300: Vulnerability of parameters not being strictly verified in the PMS module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-41301: Vulnerability of unauthorized API access in the PMS module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-41302: Redirection permission verification vulnerability in the home screen module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-41303: Command injection vulnerability in the distributed file system module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause variables in the sock structure to be modified.

CVE-2023-41305: Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41306: Vulnerability of mutex management in the bone voice ID trusted application (TA) module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.

CVE-2023-41307: Memory overwriting vulnerability in the security module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-41308: Screenshot vulnerability in the input module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2023-41309: Permission control vulnerability in the MediaPlaybackController module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-41310: Keep-alive vulnerability in the sticky broadcast mechanism

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.

CVE-2023-41311: Permission control vulnerability in the audio module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause an app to be activated automatically.

CVE-2023-41312: Permission control vulnerability in the audio module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause several apps to be activated automatically.

CVE-2023-4565: Broadcast permission control vulnerability in the framework module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue