June

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the May 2024 Android Security bulletin:

Critical: none

High: CVE-2024-23708, CVE-2024-23707, CVE-2024-21471, CVE-2024-23354, CVE-2023-4622, CVE-2023-43522, CVE-2023-43536, CVE-2023-43548

Medium: none

Low: none

Already included in previous updates: none

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2024-32989: Insufficient verification vulnerability in the system sharing pop-up module

Severity: Medium

Affected versions: HarmonyOS4.2.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32990: Permission verification vulnerability in the system sharing pop-up module

Severity: High

Affected versions: HarmonyOS4.2.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-36499: Vulnerability of unauthorized screenshot capturing in the WMS module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-36500: Privilege escalation vulnerability in the AMS module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-36501: Memory management vulnerability in the boottime module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability can affect integrity.

CVE-2024-36502: Out-of-bounds read vulnerability in the audio module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-36503: Memory management vulnerability in the Gralloc module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-5464: Vulnerability of insufficient permission verification in the NearLink module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-5465: Function vulnerabilities in the Calendar module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Updated on: 2024-06-05