Security Bulletins for HUAWEI Phones/Tablets, November 2024
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following HUAWEI patches:
CVE | Vulnerability Description | Impact | Severity | Affected Version |
---|---|---|---|---|
CVE-2024-51526 | Permission control vulnerability in the hidebug module | Successful exploitation of this vulnerability may affect service confidentiality. | Critical | HarmonyOS5.0.0 |
CVE-2024-51523 | Information management vulnerability in the Gallery module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.0.0 |
CVE-2024-51525 | Permission control vulnerability in the clipboard module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.0.0 |
CVE-2024-51527 | Permission control vulnerability in the Gallery app | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-51528 | Vulnerability of improper log printing in the Super Home Screen module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.2.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-51529 | Data verification vulnerability in the battery module | Successful exploitation of this vulnerability may affect function stability. | Medium | HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-51530 | LaunchAnywhere vulnerability in the account module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-51510 | Out-of-bounds access vulnerability in the logo module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0 |
CVE-2024-45448 | Page table protection configuration vulnerability in the trusted firmware module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51511 | Vulnerability of parameter type not being verified in the WantAgent module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51512 | Vulnerability of parameter type not being verified in the WantAgent module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51513 | Vulnerability of processes not being fully terminated in the VPN module | Successful exploitation of this vulnerability will affect power consumption. | Medium | HarmonyOS5.0.0 |
CVE-2024-51514 | Vulnerability of pop-up windows belonging to no app in the VPN module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2024-51515 | Race condition vulnerability in the kernel network module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51516 | Permission control vulnerability in the ability module | Successful exploitation of this vulnerability may cause features to function abnormally. | Medium | HarmonyOS5.0.0 |
CVE-2024-51517 | Vulnerability of improper memory access in the phone service module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51518 | Vulnerability of message types not being verified in the advanced messaging module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51519 | Vulnerability of input parameters not being verified in the HDC module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51520 | Vulnerability of input parameters not being verified in the HDC module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51521 | Input parameter verification vulnerability in the background service module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51522 | Vulnerability of improper device information processing in the device management module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-51524 | Permission control vulnerability in the Wi-Fi module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
This security update includes the following third-party library patches:
CVE | Severity | Affected Version |
---|---|---|
CVE-2024-43892 | Critical | HarmonyOS5.0.0 |
CVE-2024-42312 | Critical | HarmonyOS5.0.0 |
CVE-2024-42283 | Critical | HarmonyOS5.0.0 |
CVE-2024-42292 | Critical | HarmonyOS5.0.0 |
CVE-2024-40673 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-38399 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-33049 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-33069 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-33060 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-34737 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-44987 | High | HarmonyOS5.0.0 |
CVE-2024-43882 | High | HarmonyOS5.0.0 |
CVE-2024-42305 | High | HarmonyOS5.0.0 |
CVE-2024-6119 | High | HarmonyOS5.0.0 |
CVE-2024-46798 | High | HarmonyOS5.0.0 |
Updated on: 2024-11-05
- en