Huawei has officially released the May 2021 EMUI and Magic UI security patch details, the security update includes the CVE (Common Vulnerabilities and Exposures). This security update includes the CVE announced in the May 2021 Android security bulletin. It includes 3 Criticals, 10 High levels and 4 Medium levels of CVE’s.
According to the track record, the Common Vulnerabilities and Exposures (CVE) system tracks publicly known security vulnerabilities and exposures in publicly released software packages.
Critical: CVE-2021-0474,CVE-2021-0475,CVE-2021-0473
High: CVE-2020-11234,CVE-2020-15436,CVE-2020-25705,CVE-2021-0484,CVE-2021-0477,CVE-2021-0472,CVE-2021-0480,CVE-2021-0466,CVE-2021-0481,CVE-2021-0476
Medium: CVE-2021-0488,CVE-2020-11231,CVE-2020-5235,CVE-2020-29368
Low: none
Already included in previous updates: CVE-2020-0169,CVE-2020-0170,CVE-2020-0172,CVE-2020-0171,CVE-2020-0174,CVE-2020-0173,CVE-2020-0175,CVE-2019-9364,CVE-2021-0375,CVE-2020-0475,CVE-2020-27054,CVE-2020-27046,CVE-2020-0346,CVE-2020-0359,CVE-2020-0354,CVE-2020-0298,CVE-2020-0299,CVE-2020-0309,CVE-2020-0291,CVE-2020-0292,CVE-2021-0431,CVE-2021-0435,CVE-2021-0443,CVE-2021-0446,CVE-2021-0428,CVE-2020-27067,CVE-2019-2182,CVE-2020-0500,CVE-2020-27028,CVE-2020-0360,CVE-2021-0433,CVE-2021-0468,CVE-2019-9386,CVE-2019-9358,CVE-2019-9235,CVE-2019-9236,CVE-2019-9240,CVE-2019-9242,CVE-2019-9244,CVE-2019-9246,CVE-2019-9251,CVE-2019-9296,CVE-2019-9344,CVE-2019-9354,CVE-2019-9356
This security update includes the following Huawei patches:
CVE-2021-22348: UAF security vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause code to execute.
CVE-2021-22343: Logic bypass vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22351: DoS vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions.
CVE-2021-22350: UAF security vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0,Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause the device to crash and restart.
CVE-2021-22349: DoS vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of insufficient input verification may cause the system to restart.
CVE-2021-22352: Vulnerability of hijacking unverified providers in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
CVE-2021-22347: DoS vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause temporary DoS.
CVE-2021-22346: Improper permission management vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may lead to the disclosure of user habits.
CVE-2021-22345: Improper verification vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory write.
CVE-2021-22344: DoS vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause temporary DoS.
CVE-2021-22353: UAF security vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the kernel to restart.
CVE-2021-22354: Driver type confusion vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-22334: Malicious Wi-Fi construction vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause app redirections.
Related:
