HUAWEI EMUI security updates March 2024

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more
Consumer

Smartphones, Laptops & Tablets, Wearables and More

Corporate

About Huawei, Press&Event, and More

Enterprise

Products, Solutions and Services for Enterprise

Carrier

Products, Solutions and Services for Carrier

Popular Products
HUAWEI WATCH GT 5 Pro
HUAWEI WATCH Ultimate
HUAWEI MatePad Pro 12.2-inch
Quick View
Smartphone
Wearable
PC
Tablet
Audio
Router
HUAWEI Mobile Services
enter more search keys

HUAWEI EMUI security updates March 2024

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the February 2024 Android Security bulletin:

Critical: CVE-2024-0031

High: CVE-2024-0040, CVE-2024-0034, CVE-2024-0035, CVE-2024-0036, CVE-2024-0030, CVE-2023-43513, CVE-2024-0020, CVE-2024-0021, CVE-2023-21313

Medium: CVE-2023-33064, CVE-2023-33065, CVE-2023-33067, CVE-2023-33068, CVE-2023-33069, CVE-2023-21183, CVE-2023-21297, CVE-2023-21654, CVE-2023-21667, CVE-2022-33220, CVE-2023-21655, CVE-2023-28539, CVE-2023-33111

Low: none

Already included in previous updates: CVE-2023-21352, CVE-2023-21353, CVE-2023-28575, CVE-2023-20950, CVE-2023-35674, CVE-2022-20281

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2023-52359: Vulnerability of permission verification in some APIs in the ActivityTaskManagerService module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52364: Vulnerability of input parameters being not strictly verified in the RSMC module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds write.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52365: Out-of-bounds read vulnerability in the intelligent status identification module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52366: Out-of-bounds read vulnerability in the intelligent status identification module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52385: Out-of-bounds write vulnerability in the RSMC module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52386: Out-of-bounds write vulnerability in the RSMC module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52388: Permission control vulnerability in the clock module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52537: Vulnerability of package name verification being bypassed in the HwIms module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52538: Vulnerability of package name verification being bypassed in the HwIms module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52539: Permission verification vulnerability in the Settings module

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52540: Vulnerability of improper authentication in the Iaware module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52541: Authentication vulnerability in the API for app pre-loading

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52542: Permission verification vulnerability in the system module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52543: Permission verification vulnerability in the system module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52544: Vulnerability of file path verification being bypassed in the email module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52545: Vulnerability of undefined permissions in the Calendar app

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52546: Vulnerability of package name verification being bypassed in the Calendar app

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52549: Vulnerability of data verification errors in the kernel module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52550: Vulnerability of data verification errors in the kernel module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52551: Vulnerability of data verification errors in the kernel module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52552: Input verification vulnerability in the power module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52553: Race condition vulnerability in the Wi-Fi module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52554: Permission control vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-27896: Input verification vulnerability in the log module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability can affect integrity.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2024-27897: Input verification vulnerability in the call module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue