September

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more
For a better user experience, please use the latest version of Internet Explorer or switch to another browser.
Consumer

Smartphones, Laptops & Tablets, Wearables and More

Corporate

About Huawei, Press&Event, and More

Enterprise

Products, Solutions and Services for Enterprise

Carrier

Products, Solutions and Services for Carrier

Popular Products
HUAWEI Pura 70 Ultra
HUAWEI MateBook X Pro Core Ultra Premium Edition
HUAWEI WATCH FIT 3
Quick View
Smartphone
Wearable
PC
Tablet
Audio
Router
HUAWEI Mobile Services
enter more search keys

Security Bulletins for HUAWEI Phones/Tablets, September 2024

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following HUAWEI patches:

CVE Vulnerability Description Impact Severity Affected Version
CVE-2023-52106 Vulnerability of permission verification for APIs in the DownloadProviderMain module Successful exploitation of this vulnerability may affect service availability and integrity. Medium HarmonyOS3.1.0, EMUI 13.0.0
CVE-2024-42039 Access control vulnerability in the SystemUI module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-45441 Input verification vulnerability in the system service module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-45442 Vulnerability of permission verification for APIs in the DownloadProviderMain module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-45443 Directory traversal vulnerability in the cust module Successful exploitation of this vulnerability will affect availability and confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-45444 Access permission verification vulnerability in the WMS module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-45445 Vulnerability of resources not being closed or released in the keystore module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-45446 Access permission verification vulnerability in the camera driver module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-45447 Access control vulnerability in the camera framework module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-45448 Page table protection configuration vulnerability in the trusted firmware module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0
CVE-2024-45449 Access permission verification vulnerability in the ringtone setting module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-45450 Permission control vulnerability in the software update module Successful exploitation of this vulnerability may affect service confidentiality. Medium HarmonyOS4.2.0, HarmonyOS2.0.0, HarmonyOS2.1.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS4.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-8298 Memory request vulnerability in the memory management module Successful exploitation of this vulnerability may affect availability. Medium HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0

This security update includes the following third-party library patches:

CVE Severity Affected Version
CVE-2023-20971 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-34740 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-34731 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-34727 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-23382 High HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-33023 High HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-36971 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-33010 High HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-33011 High HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-33012 High HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-33014 High HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-33015 High HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-21459 Medium HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-21467 Medium HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-31331 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2024-34720 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-34722 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-4610 High HarmonyOS4.0.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2023-21113 High HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2023-43545 Medium HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0

Updated on: 2024-09-05

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue