Connect with us

Huawei News

These 49 issues on EMUI 11, 10.1, 10, Magic UI 4 and Magic UI 3.1 got fixed with July 2021 security patch

Published

on

EMUI July 2021 Patch Details 49 Issues Fixed

Huawei has released the July 2021 security patch details, which fixes many issues and bugs to provide better system security. The July 2021 security patch fixes common vulnerabilities and exposures (CVE) including 2 Criticals and 13 High levels of CVE’s.

In the July 2021 security patch, Huawei has fixes some issues found on the EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, and  Magic UI 3.1.1.

These 49 issues on EMUI 11, 10.1, 10, Magic UI 4 and Magic UI 3.1 got fixed with July 2021 security patch:

CVE-2021-22475: Improper permission management vulnerability in some Huawei phones

Severity: Low

Advertisement

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22394: Buffer overflow vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Advertisement

Impact: Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

Advertisement

CVE-2021-36996: Improper verification vulnerability in some Huawei devices

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause transmission of certain virtual information.

CVE-2021-36995: Unauthorized file access vulnerability in some Huawei phones

Advertisement

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions

Severity: Low

Advertisement

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.

CVE-2021-36993: Memory leaks in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Advertisement

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-36992: Public key verification vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Advertisement

CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.

CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones

Advertisement

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36989: Kernel crash vulnerability in some Huawei phones

Severity: Medium

Advertisement

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36988: Parameter verification issues in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Advertisement

Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE-2021-36987: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability can cause the system to restart.

Advertisement

CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36985: Code injection vulnerability in some Huawei devices

Advertisement

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.

CVE-2021-22491: Input verification vulnerability in some Huawei devices

Severity: Medium

Advertisement

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22490: Permission verification vulnerability in some Huawei phones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect the device performance.

CVE-2021-22488: Unauthorized file access vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

Advertisement

CVE-2021-22487: Out-of-bounds read vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22486: Unstandardized field names in some Huawei phones

Advertisement

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices

Severity: Medium

Advertisement

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22483: IP address spoofing vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Advertisement

Impact: Successful exploitation of this vulnerability may cause DoS.

CVE-2021-22482: Uninitialized variable vulnerability in some Huawei devices

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause transmission of invalid data.

Advertisement

CVE-2021-36998: Improper verification vulnerability in some devices

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.

CVE-2021-22474: Out-of-bounds memory access in some Huawei phones

Advertisement

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE-2021-22473: Authentication vulnerability in some Huawei devices

Severity: Medium

Advertisement

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22472: Improper verification vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Advertisement

CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22450: Memory leaks in some Huawei devices due to exceptions when freeing memory

Advertisement

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.

CVE-2021-22436: Logic bypass vulnerability in some Huawei devices

Severity: High

Advertisement

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22435: Logic bypass vulnerability in some Huawei devices

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Advertisement

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22425: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability can cause the system to restart.

Advertisement

CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices

Advertisement

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22419: Startup verification vulnerability with non-Huawei APKs in some Huawei devices

Severity: Medium

Advertisement

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may allow knock-off apps to run automatically.

CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Advertisement

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22417: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

Advertisement

CVE-2021-22407: Identity verification vulnerability due to unverified server when connecting Huawei phones to a computer via HiSuite

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22406: Remote DoS vulnerability with the MeeTime app

Advertisement

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability will cause the app to exit unexpectedly.

CVE-2021-22405: Configuration defects in some Huawei phones

Severity: Medium

Advertisement

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22404: Directory traversal vulnerability in Huawei phones

Severity: Low

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Advertisement

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22403: Vulnerability of hijacking unverified providers in some Huawei phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

Advertisement

CVE-2021-22402: DoS vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause DoS attacks.

CVE-2021-22401: Remote DoS vulnerability in some Huawei phones

Advertisement

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE-2021-22395: Code injection vulnerability in some Huawei devices

Severity: Medium

Advertisement

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-36999: Buffer overflow vulnerability in some Huawei devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Advertisement

Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE-2021-37000: Improper permission management vulnerability in some Huawei phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Advertisement

CVE-2021-22367: Logic bypass vulnerability in some Huawei devices

Severity: High

Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

Advertisement

Huawei News

Huawei Petal Mail App will no longer be available for download

Published

on

By

Huawei Petal Mail App

According to the official information, the Huawei released the delisting announcement of its Petal Mail App. The full text of the announcement is as follows: [translated]

Thank you for your continued attention and support to the Huawei Petal Mail App. In order to better adapt to the changing needs of product experience, service content and local markets, we have made strategic adjustments to the Huawei Petal Mail App.

The Petal Mail App will officially switch to the Email App on December 31, 2024, and the Petal Mail App will no longer be available for download from the App Store. The Petal Mail App you have installed can be used normally. We apologize for the inconvenience. You can continue to view, send or receive emails in the pre-installed Email App on your Huawei phone or use a computer browser to open the Petal Mail official website ( https://www.petalmail.com ), and your emails and personal data will not be lost.

Huawei Petal Mail App

Continue Reading

Huawei News

Huawei Mate 70 lineup repair spare parts prices announced

Published

on

By

Huawei Mate 70 lineup

Huawei released the Mate 70 series of mobile phones, with a starting price of 5,499 yuan. At present, the prices of spare parts for the new Mate 70 series have been announced on Huawei’s official website.

Huawei Mate 70 lineup repair spare parts prices announced

Battery and motherboard

Mate 70

Battery — 199
12GB+256GB — 2499
12GB+512GB — 2899
12GB+1TB — 3599

Mate 70 Pro

Battery — 199
12GB+256GB — 2899
12GB+512GB — 3299
12GB+1TB — 3999

Advertisement

Mate 70 Pro+

Battery — 299
16GB+512GB — 4399
16GB+1TB — 4899

Mate 70 RS

Battery — 299
16GB+512GB — 6499
16GB+1TB — 6999

Camera

Camera

Accessories

Advertisement
Continue Reading

Huawei News

Huawei FreeBuds Pro 4 official announcement

Published

on

By

Huawei FreeBuds Pro 4

Huawei officially announced the new FreeBuds Pro 4 headphones. This is the first TWS headset equipped with HarmonyOS NEXT and will be officially launched at the Huawei Mate Brand Festival on November 26.

As can be seen from the poster, the headset adopts an in-ear design with black and gold color matching, and the overall shape is similar to the previous generation. With the support of the new system, FreeBuds Pro 4 is expected to bring more functional upgrades.

Huawei FreeBuds Pro 4

For reference, Huawei FreeBuds Pro 3 was released in September last year with an initial price of 1,499 yuan . It is equipped with the Kirin A2 chip that uses Polar code, supports Star Flash connection core technology and Bluetooth technology, and the new L2HC 3.0 protocol.

Continue Reading

Most Popular