November

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following HUAWEI patches:

CVE Vulnerability Description Impact Severity Affected Version
CVE-2024-51526 Permission control vulnerability in the hidebug module Successful exploitation of this vulnerability may affect service confidentiality. Critical HarmonyOS5.0.0
CVE-2024-51523 Information management vulnerability in the Gallery module Successful exploitation of this vulnerability may affect service confidentiality. High HarmonyOS5.0.0
CVE-2024-51525 Permission control vulnerability in the clipboard module Successful exploitation of this vulnerability may affect service confidentiality. High HarmonyOS5.0.0
CVE-2024-51527 Permission control vulnerability in the Gallery app Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-51528 Vulnerability of improper log printing in the Super Home Screen module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-51529 Data verification vulnerability in the battery module Successful exploitation of this vulnerability may affect function stability. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-51530 LaunchAnywhere vulnerability in the account module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-51510 Out-of-bounds access vulnerability in the logo module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS5.0.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0
CVE-2024-45448 Page table protection configuration vulnerability in the trusted firmware module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51511 Vulnerability of parameter type not being verified in the WantAgent module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51512 Vulnerability of parameter type not being verified in the WantAgent module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51513 Vulnerability of processes not being fully terminated in the VPN module Successful exploitation of this vulnerability will affect power consumption. Medium HarmonyOS5.0.0
CVE-2024-51514 Vulnerability of pop-up windows belonging to no app in the VPN module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS5.0.0
CVE-2024-51515 Race condition vulnerability in the kernel network module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51516 Permission control vulnerability in the ability module Successful exploitation of this vulnerability may cause features to function abnormally. Medium HarmonyOS5.0.0
CVE-2024-51517 Vulnerability of improper memory access in the phone service module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51518 Vulnerability of message types not being verified in the advanced messaging module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51519 Vulnerability of input parameters not being verified in the HDC module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51520 Vulnerability of input parameters not being verified in the HDC module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51521 Input parameter verification vulnerability in the background service module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51522 Vulnerability of improper device information processing in the device management module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS5.0.0
CVE-2024-51524 Permission control vulnerability in the Wi-Fi module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS5.0.0

This security update includes the following third-party library patches:

CVE Severity Affected Version
CVE-2024-43892 Critical HarmonyOS5.0.0
CVE-2024-42312 Critical HarmonyOS5.0.0
CVE-2024-42283 Critical HarmonyOS5.0.0
CVE-2024-42292 Critical HarmonyOS5.0.0
CVE-2024-40673 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-38399 High HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-33049 High HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-33069 High HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-33060 High HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-34737 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-44987 High HarmonyOS5.0.0
CVE-2024-43882 High HarmonyOS5.0.0
CVE-2024-42305 High HarmonyOS5.0.0
CVE-2024-6119 High HarmonyOS5.0.0
CVE-2024-46798 High HarmonyOS5.0.0

Updated on: 2024-11-05

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue