Huawei has officially started the EMUI 12 stable rollout for global devices. In terms of security patches, Huawei also focuses on the HarmonyOS update for its eligible devices in a regular manner.
Apart from the EMUI 12 and HarmonyOS, the April 2022 Huawei EMUI security patch is now live and it fixes 19 High levels, and 9 mediums while there are no low levels of CVEs.
This security update includes the CVE announced in the March 2022 Android security bulletin:
Critical: none
High: CVE-2021-39624, CVE-2021-39667, CVE-2021-39692, CVE-2021-39695, CVE-2021-39697, CVE-2021-39703, CVE-2021-39704, CVE-2021-39706, CVE-2021-39707, CVE-2021-39686, CVE-2021-35105, CVE-2022-20053, CVE-2021-39698, CVE-2021-39685, CVE-2021-3655, CVE-2021-35088, CVE-2021-35103, CVE-2021-35106, CVE-2021-35117
Medium: CVE-2021-30299, CVE-2021-33624, CVE-2021-37159, CVE-2021-39711, CVE-2021-39714, CVE-2021-39792, CVE-2021-41864, CVE-2021-43975, CVE-2021-22600
Low: none
Already included in previous updates: CVE-2021-40490, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890, CVE-2021-40148, CVE-2021-0987, CVE-2021-1005, CVE-2021-1014, CVE-2021-1015
This security update includes the following HUAWEI patches:
CVE-2022-22258: Event notification vulnerability in the Wi-Fi module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause third-party apps to intercept and add information and result in elevation-of-privilege.
CVE-2022-22257: Vulnerability of improper permission control in the customization framework
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2022-22256: Vulnerability of improper access control in the DFX module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-22255: Common DoS vulnerability in the application framework
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-22254: Permission bypass vulnerability when the CAs in the NFC module accesses the TEE
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-22253: Vulnerability of improper validation of integrity check values in the DFX module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect system stability.
CVE-2022-22252: UAF vulnerability in the DFX module
Severity: Critical
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect system stability.
CVE-2021-46742: Unauthorized insertion and tampering of settings secure data in the multi-window module.
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-46740: Vulnerability of defects being introduced in the design process in the device authentication service module
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40065: Service logic error vulnerability in the communication module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
