April

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the March 2024 Android Security bulletin:

Critical: CVE-2024-0039, CVE-2024-23717, CVE-2023-45866

High: CVE-2024-0049, CVE-2024-0050, CVE-2024-0051, CVE-2024-0048, CVE-2024-0045, CVE-2023-43550, CVE-2023-20907, CVE-2024-0033

Medium: CVE-2023-33090, CVE-2020-27066, CVE-2023-33038

Low: none

Already included in previous updates: CVE-2023-20908, CVE-2023-33069

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2023-52382: Vulnerability of improper control over foreground service notifications in the notification module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-52713: Vulnerability of improper permission control in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2023-52714: Vulnerability of defects introduced in the design process in the hwnff module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Acknowledgment: ycmint working with ADLab of VenusTech

CVE-2023-52716: Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2023-52717: Permission verification vulnerability in the lock screen module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30413: Vulnerability of improper permission control in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30414: Command injection vulnerability in the AccountManager module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-30415: Vulnerability of improper permission control in the window management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2024-30416: Use After Free (UAF) vulnerability in the underlying driver module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Acknowledgment: Chao Ma(马超) of Baidu AIoT Security Team

CVE-2024-30417: Path traversal vulnerability in the Bluetooth-based sharing module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-30418: Vulnerability of insufficient permission verification in the app management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability will affect availability.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue