February

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more
Consumer

Smartphones, Laptops & Tablets, Wearables and More

Corporate

About Huawei, Press&Event, and More

Enterprise

Products, Solutions and Services for Enterprise

Carrier

Products, Solutions and Services for Carrier

Popular Products
HUAWEI WATCH GT 5 Pro
HUAWEI WATCH Ultimate
HUAWEI MatePad Pro 12.2-inch
Quick View
Smartphone
Wearable
PC
Tablet
Audio
Router
HUAWEI Mobile Services
enter more search keys

HUAWEI EMUI security updates February 2024

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the January 2024 Android Security bulletin:

Critical: CVE-2023-40077

High: CVE-2024-0016, CVE-2024-0018, CVE-2024-0023, CVE-2023-33110, CVE-2023-33117, CVE-2023-33120, CVE-2023-33114, CVE-2023-40079, CVE-2023-40075, CVE-2023-45777, CVE-2023-45780, CVE-2023-35674

Medium: CVE-2023-28575, CVE-2023-21183, CVE-2023-21353, CVE-2022-20563, CVE-2022-20580, CVE-2023-20950

Low: none

Already included in previous updates: CVE-2023-40092, CVE-2023-22383, CVE-2023-21352, CVE-2022-20281

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-48621: Vulnerability of missing authentication for critical functions in the Wi-Fi module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52097: Vulnerability of foreground service restrictions being bypassed in the NMS module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52357: Vulnerability of serialization/deserialization mismatch in the vibration framework

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-52358: Vulnerability of configuration defects in some APIs of the audio module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-52360: Logic vulnerabilities in the baseband

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2023-52362: Permission management vulnerability in the lock screen module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-52363: Vulnerability of defects introduced in the design process in the Control Panel module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause app processes to be started by mistake.

CVE-2023-52365: Out-of-bounds read vulnerability in the smart activity recognition module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Acknowledgment:Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52366: Out-of-bounds read vulnerability in the smart activity recognition module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Acknowledgment:Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52367: Vulnerability of improper access control in the media library module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-52368: Input verification vulnerability in the account module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52369: Stack overflow vulnerability in the NFC module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service availability and integrity.

CVE-2023-52370: Stack overflow vulnerability in the network acceleration module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause unauthorized file access.

Acknowledgment:Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52371: Vulnerability of null references in the motor module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52372: Vulnerability of input parameter verification in the motor module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

Acknowledgment:Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52373: Vulnerability of permission verification in the content sharing pop-up module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause unauthorized file sharing.

CVE-2023-52374: Permission control vulnerability in the package management module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52375: Permission control vulnerability in the WindowManagerServices module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2023-52376: Information management vulnerability in the Gallery module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52377: Vulnerability of input data not being verified in the cellular data module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

Acknowledgment:Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52378: Vulnerability of incorrect service logic in the WindowManagerServices module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-52379: Permission control vulnerability in the calendarProvider module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52380: Vulnerability of improper access control in the email module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52381: Script injection vulnerability in the email module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2023-52387: Resource reuse vulnerability in the GPU module

Severity: Critical

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue