Security Bulletins for HUAWEI Vision, January 2025
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following HUAWEI patches:
| CVE | Vulnerability Description | Impact | Severity | Affected Version |
|---|---|---|---|---|
| CVE-2024-56447 | Vulnerability of improper permission control in the window management module | Successful exploitation of this vulnerability may affect service confidentiality. | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56434 | UAF vulnerability in the device node access module | Successful exploitation of this vulnerability may cause service exceptions of the device. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0 |
| CVE-2024-56438 | Vulnerability of improper memory address protection in the HUKS module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 14.0.0 |
| CVE-2024-56441 | Race condition vulnerability in the Bastet module | Successful exploitation of this vulnerability may affect service confidentiality. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56448 | Vulnerability of improper access control in the home screen widget module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, HarmonyOS2.1.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-56450 | Buffer overflow vulnerability in the component driver module | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 14.0.0 |
This security update includes the following third-party library patches:
| CVE | Severity | Affected Version |
|---|---|---|
| CVE-2024-38415 | High | HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-43097 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-43762 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-43767 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
| CVE-2024-43768 | High | HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.1.0, HarmonyOS2.0.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0 |
Updated on: 2025-01-05