April

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the March 2024 Android Security Bulletin:

Critical: CVE-2024-0039, CVE-2024-23717, CVE-2023-45866

High: CVE-2024-0049, CVE-2024-0050, CVE-2024-0051, CVE-2024-0048, CVE-2024-0045, CVE-2023-43550, CVE-2023-20907, CVE-2024-0033

Medium: CVE-2023-33090, CVE-2020-27066, CVE-2023-33038

Low: none

Already included in previous updates: CVE-2023-20908, CVE-2023-33069

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2023-52713: Vulnerability of improper permission control in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-52714: Vulnerability of defects introduced in the design process in the hwnff module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Acknowledgment: ycmint working with ADLab of VenusTech

CVE-2023-52716: Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52717: Permission verification vulnerability in the lock screen module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30413: Vulnerability of improper permission control in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30414: Command injection vulnerability in the AccountManager module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-30415: Vulnerability of improper permission control in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30416: Use After Free (UAF) vulnerability in the underlying driver module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2024-30417: Path traversal vulnerability in the Bluetooth-based sharing module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-30418: Vulnerability of insufficient permission verification in the app management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.
