Security Bulletins for HUAWEI Phones/Tablets, December 2024
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches.
This security update includes the following HUAWEI patches:
CVE | Vulnerability Description | Impact | Severity | Affected Version |
---|---|---|---|---|
CVE-2024-54097 | Security vulnerability in the HiView module | Successful exploitation of this vulnerability may affect feature implementation and integrity. | High | HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-54098 | Service logic error vulnerability in the system service module | Successful exploitation of this vulnerability may affect service integrity. | High | HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-54096 | Vulnerability of improper access control in the MTP module | Successful exploitation of this vulnerability may affect integrity and accuracy. | Medium | HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-54099 | File replacement vulnerability on some devices | Successful exploitation of this vulnerability will affect integrity and confidentiality. | Medium | HarmonyOS4.2.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-54100 | Vulnerability of improper access control in the secure input module | Successful exploitation of this vulnerability may cause features to perform abnormally. | Medium | HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-54101 | Denial of service (DoS) vulnerability in the installation module | Successful exploitation of this vulnerability will affect availability. | Medium | HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-54102 | Race condition vulnerability in the DDR module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0, HarmonyOS4.2.0 |
CVE-2024-54106 | Null pointer dereference vulnerability in the image decoding module | Successful exploitation of this vulnerability will affect availability. | High | HarmonyOS5.0.0 |
CVE-2024-54108 | Read/Write vulnerability in the image decoding module | Successful exploitation of this vulnerability will affect availability. | High | HarmonyOS5.0.0 |
CVE-2024-54109 | Read/Write vulnerability in the image decoding module | Successful exploitation of this vulnerability will affect availability. | High | HarmonyOS5.0.0 |
CVE-2024-54103 | Vulnerability of improper access control in the album module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2024-54104 | Cross-process screen stack vulnerability in the UIExtension module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2024-54105 | Read/Write vulnerability in the image decoding module | Successful exploitation of this vulnerability will affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-54107 | Read/Write vulnerability in the image decoding module | Successful exploitation of this vulnerability will affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-54110 | Cross-process screen stack vulnerability in the UIExtension module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2024-54111 | Read/Write vulnerability in the image decoding module | Successful exploitation of this vulnerability will affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-54112 | Cross-process screen stack vulnerability in the UIExtension module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2024-54113 | Process residence vulnerability in abnormal scenarios in the print module | Successful exploitation of this vulnerability may affect power consumption. | Medium | HarmonyOS5.0.0 |
CVE-2024-54114 | Out-of-bounds access vulnerability in playback in the DASH module | Successful exploitation of this vulnerability will affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-54115 | Out-of-bounds read vulnerability in the DASH module | Successful exploitation of this vulnerability will affect availability. | Medium | HarmonyOS5.0.0 |
CVE-2024-54116 | Out-of-bounds read vulnerability in the M3U8 module | Successful exploitation of this vulnerability may cause features to perform abnormally. | Medium | HarmonyOS5.0.0 |
CVE-2024-54117 | Cross-process screen stack vulnerability in the UIExtension module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2024-54119 | Cross-process screen stack vulnerability in the UIExtension module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
CVE-2024-54122 | Concurrent variable access vulnerability in the ability module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
This security update includes the following third-party library patches:
CVE | Severity | Affected Version |
---|---|---|
CVE-2024-43091 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-43081 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-43082 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-43084 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-43085 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-43086 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-43090 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-43093 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-43080 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-43088 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-43089 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-38422 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-46740 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
CVE-2024-38423 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-43047 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-40675 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-40676 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2023-40119 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2023-52160 | Low | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
CVE-2024-46783 | Low | HarmonyOS5.0.0 |
CVE-2024-46740 | Low | HarmonyOS5.0.0 |
CVE-2024-46679 | Medium | HarmonyOS5.0.0 |
Updated on: 2024-12-05