HUAWEI EMUI/Magic UI security updates June 2021
HUAWEI is releasing monthly security updates for flagship models. This security update includes Android and HUAWEI patches.
This security update includes the CVE announced in the June 2021 Android security bulletin.
Critical:CVE-2021-0516,CVE-2021-0507
High:CVE-2020-11292,CVE-2021-0504,CVE-2021-0508,CVE-2021-0509,CVE-2021-0510,CVE-2021-0511,CVE-2021-0506,CVE-2021-0517,CVE-2021-0520,CVE-2021-0521,CVE-2021-0522,CVE-2021-0523,CVE-2021-0505
Medium:none
Low: none
Already included in previous updates:CVE-2020-0009,CVE-2018-11985,CVE-2020-0478,CVE-2020-0473,CVE-2020-27054,CVE-2020-27046,CVE-2020-0298,CVE-2020-0299,CVE-2021-0446,CVE-2021-0487,CVE-2021-1906,CVE-2021-1905,CVE-2021-28663,CVE-2021-28664,CVE-2021-0493,CVE-2021-0494,CVE-2021-0495,CVE-2021-0496,CVE-2021-0497,CVE-2021-0498,CVE-2021-0491,CVE-2021-0490,CVE-2021-0489,CVE-2021-0492,CVE-2019-9358,CVE-2020-0359,CVE-2020-27059
※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following HUAWEI patches:
CVE-2021-22388: Out-of-bounds array access in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.
CVE-2020-24587: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-22445: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22444: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause code injection.
CVE-2021-22443: Improper verification vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause random address access.
CVE-2021-22442: Improper verification of the integrity check result in some HUAWEI devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22438: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2021-22435: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22434: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
Acknowledgment: Lorant Szabo, TASZK Security Labs
CVE-2021-22433: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs
CVE-2021-22432: Vulnerability when configuring permission isolation in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.
Acknowledgment: Lorant Szabo, TASZK Security Labs
CVE-2021-22431: Vulnerability when configuring permission isolation in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.
Acknowledgment: Daniel Komaromy and Gyorgy Miru, TASZK Security Labs
CVE-2021-22430: Logic bypass vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause code injection.
Acknowledgment: Lorant Szabo, TASZK Security Labs
CVE-2021-22429: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs
CVE-2021-22428: Race condition vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22427: Race condition vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22426: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs
CVE-2021-22415: DoS vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause kernel exceptions with the code.
CVE-2021-22414: Stack overflow vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22413: Out-of-bounds memory write vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22412: Out-of-bounds address access in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause random kernel address access.
CVE-2021-22392: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.
Acknowledgment: Daniel Komaromy and Gyorgy Miru, TASZK Security Labs
CVE-2021-22391: Stack overflow vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22390: UAF vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.
CVE-2021-22389: Kernel address rewrite vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.
CVE-2021-22446: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22387: Deserialization vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may allow attempts to remotely execute commands.
CVE-2021-22386: Race condition vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22385: NFC-based connection authentication vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22384: Race condition vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22381: Bluetooth protocol stack vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause an infinite loop in DoS.
CVE-2021-22380: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
Acknowledgment: Mathy Vanhoef, New York University Abu Dhabi
CVE-2021-22379: Integer overflow vulnerability in some HUAWEI phones
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause DoS of Samgr.
CVE-2021-22376: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.
CVE-2021-22375: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.
CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22367: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE-2021-22319: Improper verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause integer overflows.
CVE-2020-26558: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some HUAWEI phones/earphones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2020-26555: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some HUAWEI phones/earphones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2020-26147: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26146: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26145: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26144: Packet injection vulnerability due to the weaknesses found in the code in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26143: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26142: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26141: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26140: Packet injection vulnerability due to the weaknesses found in the code in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-26139: Vulnerability of forwarding unverified packets in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2020-24588: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-22447: Improper verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the system to reset.
CVE-2021-22448: Improper verification vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause unauthorised read and write of some files.
CVE-2020-24586: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.