Security Bulletins for HUAWEI Phones/Tablets, January 2025
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following HUAWEI patches:
| CVE | Vulnerability Description | Impact | Severity | Affected Version |
|---|---|---|---|---|
| CVE-2024-56439 | Access control vulnerability in the identity authentication module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS5.0.0 |
| CVE-2024-56447 | Vulnerability of improper permission control in the window management module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56451 | Integer overflow vulnerability during glTF model loading in the 3D engine module | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS5.0.0 |
| CVE-2024-54121 | Startup control vulnerability in the ability module | Successful exploitation of this vulnerability may cause features to perform abnormally. | Medium | HarmonyOS5.0.0 |
| CVE-2024-54120 | Race condition vulnerability in the distributed notification module | Successful exploitation of this vulnerability may cause features to perform abnormally. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56434 | UAF vulnerability in the device node access module | Successful exploitation of this vulnerability may cause service exceptions of the device. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0 |
| CVE-2024-56435 | Cross-process screen stack vulnerability in the UIExtension module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56436 | Cross-process screen stack vulnerability in the UIExtension module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
| CVE-2023-52953 | Path traversal vulnerability in the Medialibrary module | Successful exploitation of this vulnerability will affect integrity and confidentiality. | Medium | HarmonyOS3.0.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2023-52954 | Vulnerability of improper permission control in the Gallery module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2023-52955 | Vulnerability of improper authentication in the ANS system service module | Successful exploitation of this vulnerability may cause features to perform abnormally. | Medium | HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56437 | Vulnerability of input parameters not being verified in the widget framework module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56438 | Vulnerability of improper memory address protection in the HUKS module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0 |
| CVE-2024-56440 | Permission control vulnerability in the Connectivity module | Successful exploitation of this vulnerability may cause features to perform abnormally. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS3.1.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2024-56441 | Race condition vulnerability in the Bastet module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56442 | Vulnerability of native APIs not being implemented in the NFC service module | Successful exploitation of this vulnerability may cause features to perform abnormally. | Medium | HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56443 | Cross-process screen stack vulnerability in the UIExtension module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56444 | Cross-process screen stack vulnerability in the UIExtension module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56445 | Instruction authentication bypass vulnerability in the Findnetwork module | Successful exploitation of this vulnerability may cause features to perform abnormally. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56446 | Vulnerability of variables not being initialized in the notification module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56448 | Vulnerability of improper access control in the home screen widget module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56449 | Privilege escalation vulnerability in the Account module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56450 | Buffer overflow vulnerability in the component driver module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0 |
| CVE-2024-56452 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56453 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56454 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56455 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
| CVE-2024-56456 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS5.0.0 |
This security update includes the following third-party library patches:
| CVE | Severity | Affected Version |
|---|---|---|
| CVE-2024-43097 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-43767 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-43768 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-43762 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-40661 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 14.0.0, EMUI 13.0.0 |
| CVE-2024-38415 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-47701 | High | HarmonyOS5.0.0 |
| CVE-2024-54030 | Medium | HarmonyOS5.0.0 |
| CVE-2024-47679 | Medium | HarmonyOS5.0.0 |
| CVE-2024-47685 | Medium | HarmonyOS5.0.0 |
| CVE-2024-47705 | Medium | HarmonyOS5.0.0 |
| CVE-2024-47707 | Medium | HarmonyOS5.0.0 |
| CVE-2024-47742 | Medium | HarmonyOS5.0.0 |
| CVE-2024-49882 | Medium | HarmonyOS5.0.0 |
| CVE-2024-49967 | Medium | HarmonyOS5.0.0 |
| CVE-2024-50014 | Medium | HarmonyOS5.0.0 |
| CVE-2024-50082 | Medium | HarmonyOS5.0.0 |
| CVE-2024-47684 | Low | HarmonyOS5.0.0 |
| CVE-2024-49881 | Low | HarmonyOS5.0.0 |
| CVE-2024-49883 | Low | HarmonyOS5.0.0 |
| CVE-2024-49884 | Low | HarmonyOS5.0.0 |
| CVE-2024-49889 | Low | HarmonyOS5.0.0 |
| CVE-2024-49948 | Low | HarmonyOS5.0.0 |
| CVE-2024-49959 | Low | HarmonyOS5.0.0 |
| CVE-2024-50006 | Low | HarmonyOS5.0.0 |
| CVE-2024-50010 | Low | HarmonyOS5.0.0 |
| CVE-2024-50024 | Low | HarmonyOS5.0.0 |
| CVE-2024-50035 | Low | HarmonyOS5.0.0 |
| CVE-2024-50036 | Low | HarmonyOS5.0.0 |
| CVE-2024-50058 | Low | HarmonyOS5.0.0 |
Updated on: 2025-01-05
- en