April

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more
For a better user experience, please use the latest version of Internet Explorer or switch to another browser.
Popular Products
HUAWEI P40 Pro
HUAWEI P40
Quick View
enter more search keys

HUAWEI EMUI/Magic UI security updates April 2022

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the March 2022 Android security bulletin:

Critical: none

High: CVE-2021-39667, CVE-2021-39692, CVE-2021-39695, CVE-2021-39697, CVE-2021-39703, CVE-2021-39704, CVE-2021-39706, CVE-2021-39707, CVE-2021-39686, CVE-2021-35105, CVE-2022-20053, CVE-2021-39698, CVE-2021-39685, CVE-2021-3655, CVE-2021-35088, CVE-2021-35103, CVE-2021-35106, CVE-2021-35117

Medium: CVE-2021-30299, CVE-2021-33624, CVE-2021-37159, CVE-2021-39711, CVE-2021-39714, CVE-2021-39792, CVE-2021-41864, CVE-2021-43975, CVE-2021-22600

Low: none

Already included in previous updates: CVE-2021-40490, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890, CVE-2021-40148, CVE-2021-0987, CVE-2021-1005, CVE-2021-1014, CVE-2021-1015

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-22258: Event notification vulnerability in the Wi-Fi module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause third-party apps to intercept and add information and result in elevation-of-privilege.

CVE-2022-22257: Vulnerability of improper permission control in the customization framework

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect integrity.

CVE-2022-22256: Vulnerability of improper access control in the DFX module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-22255: Common DoS vulnerability in the application framework

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2022-22254: Permission bypass vulnerability when the CAs in the NFC module accesses the TEE

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-22253: Vulnerability of improper validation of integrity check values in the DFX module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22252: UAF vulnerability in the DFX module

Severity: Critical

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect system stability.

CVE-2021-46742: Unauthorized insertion and tampering of settings secure data in the multi-window module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2021-46740: Vulnerability of defects being introduced in the design process in the device authentication service module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40065: Service logic error vulnerability in the communication module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue