Huawei News

Huawei released April 2022 EMUI patch details

Huawei released April 2022 EMUI patch details

Huawei has officially started the EMUI 12 stable rollout for global devices. In terms of security patches, Huawei also focuses on the HarmonyOS update for its eligible devices in a regular manner.

Apart from the EMUI 12 and HarmonyOS, the April 2022 Huawei EMUI security patch is now live and it fixes 19 High levels, and 9 mediums while there are no low levels of CVEs.

This security update includes the CVE announced in the March 2022 Android security bulletin:

Critical: none

High: CVE-2021-39624, CVE-2021-39667, CVE-2021-39692, CVE-2021-39695, CVE-2021-39697, CVE-2021-39703, CVE-2021-39704, CVE-2021-39706, CVE-2021-39707, CVE-2021-39686, CVE-2021-35105, CVE-2022-20053, CVE-2021-39698, CVE-2021-39685, CVE-2021-3655, CVE-2021-35088, CVE-2021-35103, CVE-2021-35106, CVE-2021-35117

Advertisement

Medium: CVE-2021-30299, CVE-2021-33624, CVE-2021-37159, CVE-2021-39711, CVE-2021-39714, CVE-2021-39792, CVE-2021-41864, CVE-2021-43975, CVE-2021-22600

Low: none

Already included in previous updates: CVE-2021-40490, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890, CVE-2021-40148, CVE-2021-0987, CVE-2021-1005, CVE-2021-1014, CVE-2021-1015

This security update includes the following HUAWEI patches:

CVE-2022-22258: Event notification vulnerability in the Wi-Fi module

Advertisement

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause third-party apps to intercept and add information and result in elevation-of-privilege.

CVE-2022-22257: Vulnerability of improper permission control in the customization framework

Severity: High

Advertisement

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect integrity.

CVE-2022-22256: Vulnerability of improper access control in the DFX module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-22255: Common DoS vulnerability in the application framework

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect availability.

Advertisement

CVE-2022-22254: Permission bypass vulnerability when the CAs in the NFC module accesses the TEE

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-22253: Vulnerability of improper validation of integrity check values in the DFX module

Advertisement

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect system stability.

CVE-2022-22252: UAF vulnerability in the DFX module

Severity: Critical

Advertisement

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect system stability.

CVE-2021-46742: Unauthorized insertion and tampering of settings secure data in the multi-window module.

Join HU On Telegram

Severity: Medium

Advertisement

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2021-46740: Vulnerability of defects being introduced in the design process in the device authentication service module

Severity: Medium

Affected versions: EMUI 12.0.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2021-40065: Service logic error vulnerability in the communication module

Severity: High

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

Advertisement
Min

Min En specializes in smartphone reviews, EMUI/HarmonyOS coverage, and mobile industry analysis. His in-depth knowledge of Huawei's ecosystem, from flagship devices to emerging technologies, makes him a trusted voice in the tech community.

Leave a Comment
Share
Published by
Min
Tags: EMUIHarmony OSHarmonyOSHuaweiHuawei NewsHuawei UpdateHUawie
4 years ago

Recent Posts

Huawei Mate 70 Air shows up in a promotional photo

Huawei is getting ready to release a new super-thin phone called the Mate 70 Air.…

3 months ago

Huawei Mate 80 series latest Information

Tipster Digital Chat Station has confirmed that the Chinese tech giant Huawei will release new…

5 months ago

Huawei’s Xu Zhijun steps down as chairman

A Chinese company called HiSilicon Semiconductor just changed who's in charge. The old boss, Xu…

5 months ago

HUAWEI MatePad Mini complete info

HUAWEI has introduced the all-new MatePad Mini tablet, in China. As per the specifications, the…

5 months ago

Huawei Watch GT 6 and Watch GT 6 Pro spotted on TDRA Certification Database

New details have been confirmed about the upcoming Huawei Watch GT 6 and Huawei Watch…

6 months ago

Huawei Nigeria to Host 2025 Job Fair

Huawei Technologies Company Nigeria Limited has announced the 2025 Huawei Job Fair, set to take…

6 months ago