May

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVEs announced in the April 2024 Android Security Bulletin:

Critical: CVE-2023-28540, CVE-2023-22388

High: CVE-2023-21267, CVE-2024-0026, CVE-2024-0027, CVE-2024-23713, CVE-2024-21468, CVE-2024-21472, CVE-2024-0044, CVE-2024-0046, CVE-2023-43518, CVE-2023-43519, CVE-2023-40103, CVE-2023-22385, CVE-2023-24848, CVE-2023-24849, CVE-2023-28550, CVE-2023-28551, CVE-2023-33018, CVE-2023-33040, CVE-2024-0053

Medium: CVE-2023-21663, CVE-2023-21644

Low: none

Already included in previous updates: CVE-2024-0033

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2023-52383: Double-free vulnerability in the RSMC module

Severity: Medium

Affected versions: HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52384: Double-free vulnerability in the RSMC module

Severity: Medium

Affected versions: HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2023-52719: Privilege escalation vulnerability in the PMS module

Severity: High

Affected versions: HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52720: Race condition vulnerability in the soundtrigger module

Severity: Medium

Affected versions: HarmonyOS4.0.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32989: Insufficient verification vulnerability in the system sharing pop-up module

Severity: Medium

Affected versions: HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32990: Permission verification vulnerability in the system sharing pop-up module

Severity: High

Affected versions: HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32991: Permission verification vulnerability in the wpa_supplicant module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32992: Insufficient verification vulnerability in the baseband module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32993: Out-of-bounds access vulnerability in the memory module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2024-32995: Denial of service (DoS) vulnerability in the AMS module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32996: Privilege escalation vulnerability in the account module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32997: Race condition vulnerability in the binder driver module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32998: NULL pointer access vulnerability in the clock module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32999: Cracking vulnerability in the OS security module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-4046: Cracking vulnerability in the OS security module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Updated on: 2024-05-07
