January

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the December 2023 Android Security bulletin:

Critical: CVE-2023-40088, CVE-2023-40113

High: CVE-2023-21267, CVE-2023-40073, CVE-2023-40074, CVE-2023-40075, CVE-2023-40091, CVE-2023-40094, CVE-2023-40095, CVE-2023-40090, CVE-2023-40084, CVE-2023-28588, CVE-2023-33092, CVE-2023-33107, CVE-2023-33063, CVE-2023-21120, CVE-2023-21101, CVE-2021-39810, CVE-2023-21313, CVE-2023-21343, CVE-2023-21362, CVE-2023-35674

Medium: CVE-2022-20531, CVE-2023-21294, CVE-2023-21298, CVE-2023-21300, CVE-2023-21309, CVE-2023-21314, CVE-2023-21339, CVE-2023-21341, CVE-2023-21350, CVE-2023-21359, CVE-2023-21360, CVE-2023-21373, CVE-2023-21376, CVE-2023-21379, CVE-2023-40101, CVE-2023-21636

Low: none

Already included in previous updates: CVE-2023-21394, CVE-2023-21237

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2023-44112: Out-of-bounds access vulnerability in the device authentication module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-44117: Vulnerability of trust relationships being inaccurate in distributed scenarios

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-4566: Vulnerability of trust relationships being inaccurate in distributed scenarios

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52098: Denial of Service (DoS) vulnerability in the DMS module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52099: Vulnerability of foreground service restrictions being bypassed in the NMS module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52101: Component exposure vulnerability in the Wi-Fi module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-52102: Vulnerability of parameters being not verified in the WMS module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52103: Buffer overflow vulnerability in the FLP module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2023-52104: Vulnerability of parameters being not verified in the WMS module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52107: Vulnerability of permissions being not strictly verified in the WMS module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52108: Vulnerability of process priorities being raised in the ActivityManagerService module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52109: Vulnerability of trust relationships being inaccurate in distributed scenarios

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52111: Authorization vulnerability in the BootLoader module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2023-52112: Unauthorized file access vulnerability in the wallpaper service module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52113: launchAnyWhere vulnerability in the ActivityManagerService module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52114: Data confidentiality vulnerability in the ScreenReader module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2023-52116: Permission management vulnerability in the multi-screen interaction module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue