May

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more
For a better user experience, please use the latest version of Internet Explorer or switch to another browser.
Consumer

Smartphones, Laptops & Tablets, Wearables and More

Corporate

About Huawei, Press&Event, and More

Enterprise

Products, Solutions and Services for Enterprise

Carrier

Products, Solutions and Services for Carrier

Popular Products
HUAWEI Pura 70 Ultra
HUAWEI MateBook X Pro Core Ultra Premium Edition
HUAWEI WATCH FIT 3
Quick View
Smartphone
Wearable
PC
Tablet
Audio
Router
HUAWEI Mobile Services
enter more search keys

Security Bulletins for HUAWEI Phones/Tablets, May 2024

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the April 2024 Android Security bulletin:

Critical: none

High: CVE-2023-21267, CVE-2024-0026, CVE-2024-0027, CVE-2024-23713, CVE-2024-21468, CVE-2024-21472, CVE-2024-0044, CVE-2024-0046, CVE-2023-43518, CVE-2023-43519, CVE-2023-40103, CVE-2023-22385, CVE-2023-24848, CVE-2023-33040, CVE-2024-0053

Medium: CVE-2023-21663, CVE-2023-21644

Low: none

Already included in previous updates: CVE-2024-0033

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2023-52383: Double-free vulnerability in the RSMC module

Severity: Medium

Affected versions: HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52384: Double-free vulnerability in the RSMC module

Severity: Medium

Affected versions: HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52719: Privilege escalation vulnerability in the PMS module

Severity: High

Affected versions: HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52720: Race condition vulnerability in the soundtrigger module

Severity: Medium

Affected versions: HarmonyOS4.0.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32989: Insufficient verification vulnerability in the system sharing pop-up module

Severity: Medium

Affected versions: HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32990: Permission verification vulnerability in the system sharing pop-up module

Severity: High

Affected versions: HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32991: Permission verification vulnerability in the wpa_supplicant module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32992: Insufficient verification vulnerability in the baseband module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32993: Out-of-bounds access vulnerability in the memory module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2024-32995: Denial of service (DoS) vulnerability in the AMS module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32996: Privilege escalation vulnerability in the account module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32997: Race condition vulnerability in the binder driver module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32998: NULL pointer access vulnerability in the clock module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32999: Cracking vulnerability in the OS security module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-4046: Cracking vulnerability in the OS security module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Updated on: 2024-05-07

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue