HUAWEI EMUI/Magic UI security updates September 2021
HUAWEI is releasing monthly security updates for flagship models. This security update includes Android and HUAWEI patches:
This security update includes the following CVEs announced in the Android security bulletin:
Critical: CVE-2021-1976, CVE-2021-1972
High: CVE-2021-0591, CVE-2021-0593, CVE-2021-0640, CVE-2021-0641, CVE-2021-0642, CVE-2021-0646, CVE-2021-0584, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-1978, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-0582, CVE-2021-0578
Medium: none
Low: none
Already included in previous updates: CVE-2019-9239, CVE-2019-9238, CVE-2019-9309, CVE-2021-1965, CVE-2021-1943, CVE-2021-1945, CVE-2021-1954, CVE-2021-1964
※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following HUAWEI patches:
CVE-2021-22450: Memory leaks in some HUAWEI devices due to exceptions when freeing memory
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.
CVE-2021-22323: Memory leaks and out-of-bounds access vulnerabilities in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
CVE-2021-37051: Out-of-bounds read vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2021-37050: Missing sensitive data encryption vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37049: Heap-based buffer overflow vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.
CVE-2021-37047: Input verification vulnerability in some HUAWEI phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause some services to restart.
CVE-2021-37046: Memory leak vulnerability with the codec detection module in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.
CVE-2021-37045: UAF vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.
CVE-2021-37044: Permission control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-37040: Parameter injection vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.
CVE-2021-37039: Input verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause Bluetooth DoS.
CVE-2021-37038: Improper access control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37037: Invalid address access vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause the device to restart.
CVE-2021-37027: DoS vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-37013: Permission control vulnerability with the setHdbKey API in HwPackageManagerServiceEx in some EMUI devices
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-37009: Multi-user settings vulnerability in the system components of some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37000: Improper permission management vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-36987: Nodes in the linked list being freed multiple times in some HUAWEI devices due to race conditions
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE-2021-3506: Out-of-bounds operation vulnerability after rooting in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service stability and integrity.
CVE-2021-33909: Privilege escalation vulnerability in the file system components of some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22486: Unstandardized field names in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37052: Exception log vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause address information leakage.
CVE-2021-22437: Software integer overflow leading to a TOCTOU condition in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause random address access.
CVE-2021-22436: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22435: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.
CVE-2021-22434: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
Acknowledgment: Lorant Szabo, TASZK Security Labs
CVE-2021-22432: Vulnerability when configuring permission isolation in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.
Acknowledgment: Lorant Szabo, TASZK Security Labs
CVE-2021-22431: Vulnerability when configuring permission isolation in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.
Acknowledgment: Daniel Komaromy and Gyorgy Miru, TASZK Security Labs
CVE-2021-22425: Nodes in the linked list being freed multiple times in some HUAWEI devices due to race conditions
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22376: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.
CVE-2021-22372: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22371: Allowing arbitrary capture of call stacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22369: Memory leaks and out-of-bounds access vulnerabilities in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
CVE-2021-22368: Access control vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.0.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect normal use of the device.
CVE-2021-22346: Improper permission management vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may lead to the disclosure of user habits.
Acknowledgment: Zhang Qing, WuHeng Lab of Bytedance
CVE-2021-22343: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22334: Malicious Wi-Fi construction vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause app redirections.
CVE-2021-22325: Video streaming vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may result in video streams being intercepted during wired projections.
Acknowledgment: Lu Hongyi, Wu Yechang, Li Shuqing, Lin You, Zhang Chaozu, and Zhang Fengwei, COMPASS Lab of Southern University of Science and Technology
CVE-2021-37054: Identity spoofing and authentication bypass vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37055: Logic bypass vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may allow attempts to obtain certain device information.
Acknowledgment: Zhang Qing, WuHeng Lab of Bytedance
CVE-2021-22322: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.