June

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the May 2024 Android Security bulletin:

Critical: none

High: CVE-2024-23708, CVE-2024-23707, CVE-2024-21471, CVE-2024-23354, CVE-2023-4622, CVE-2023-43522, CVE-2023-43536, CVE-2023-43548

Medium: none

Low: none

Already included in previous updates: none

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2024-32989: Insufficient verification vulnerability in the system sharing pop-up module

Severity: Medium

Affected versions: HarmonyOS4.2.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-32990: Permission verification vulnerability in the system sharing pop-up module

Severity: High

Affected versions: HarmonyOS4.2.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-36499: Vulnerability of unauthorized screenshot capturing in the WMS module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-36500: Privilege escalation vulnerability in the AMS module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-36501: Memory management vulnerability in the boottime module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability can affect integrity.

CVE-2024-36502: Out-of-bounds read vulnerability in the audio module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-36503: Memory management vulnerability in the Gralloc module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-5464: Vulnerability of insufficient permission verification in the NearLink module

Severity: Medium

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-5465: Function vulnerabilities in the Calendar module

Severity: High

Affected versions: HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Updated on: 2024-06-05

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue