Huawei launched the HarmonyOS 2.0 operating system for smartphones in June this year. Following the launch, there are many smartphones and devices that were updated with the HarmonyOS updates in the form of beta and stable. Recently, the 120 million HarmonyOS 2.0 upgrade device milestone has been achieved by the company.
Apart from the HarmonyOS, the company has also upgraded its device security patches. Now, Huawei has officially released the October 2021 EMUI and Magic UI security patch details, the security update includes the CVE (Common Vulnerabilities and Exposures). This security update includes the CVE announced in the September 2021 security bulletin. It includes 1 Critical, 27 High and 2 Medium levels of CVE’s.
According to the track record, the Common Vulnerabilities and Exposures (CVE) system tracks publicly known security vulnerabilities and exposures in publicly released software packages.
This security update includes the CVE announced in the October 2021 Android security bulletin.
Critical: CVE-2021-0687
High: CVE-2021-0644, CVE-2021-0682, CVE-2021-0683, CVE-2021-0684, CVE-2021-0686, CVE-2021-0598, CVE-2021-0688, CVE-2021-0689, CVE-2021-0690, CVE-2021-0595, CVE-2020-26558, CVE-2021-0695, CVE-2021-0680, CVE-2021-0681, CVE-2019-10581, CVE-2021-0518, CVE-2021-30290, CVE-2021-30294, CVE-2021-1941, CVE-2021-1948, CVE-2021-1974, CVE-2021-0869, CVE-2021-30290, CVE-2021-30294, CVE-2021-0685, CVE-2021-0693, CVE-2021-0869
Medium: CVE-2021-1957, CVE-2021-1961
Low: none
Already included in previous updates: CVE-2021-0519, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0515, CVE-2021-0514, CVE-2021-0513, CVE-2021-0571, CVE-2020-0368, CVE-2021-0592, CVE-2021-0577, CVE-2021-0639, CVE-2020-14381, CVE-2021-3347, CVE-2021-1947, CVE-2021-28375
This security update includes the following HUAWEI patches:
CVE-2021-22326: Kernel space read/write vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22319: Improper verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause integer overflows.
CVE-2021-22488: Unauthorized file access vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22481: Verification errors in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22489: DoS vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22469: Out-of-bounds memory read vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause the kernel to crash.
CVE-2021-22460: Boot restriction bypass vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22420: Vulnerability of forging package names by implementing the getBasePackageName method in some HUAWEI devices
Severity: High
Affected versions: EMUI 9.1.1, EMUI 9.1.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect the normal use of system apps.
CVE-2021-22475: Improper permission management vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-3506: Out-of-bounds operation vulnerability after rooting in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect service stability and integrity.
CVE-2021-37011: Improper verification vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-22491: Input verification vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-36999: Buffer overflow vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.
CVE-2021-36997: Low memory error in some HUAWEI devices due to the unlimited size of images to be parsed
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.
CVE-2021-36995: Unauthorized file access vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some HUAWEI devices due to race conditions
Severity: Low
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
CVE-2021-36991: Unauthorized file access vulnerability in some HUAWEI devices due to unstandardized path input
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.
CVE-2021-36990: Vulnerability of tampering with the kernel in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36989: Kernel crash vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36986: Vulnerability of tampering with the kernel in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36985: Code injection vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.
CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37013: Permission control vulnerability with the setHdbKey API in HwPackageManagerServiceEx in some EMUI devices
Severity: Low
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22345: Improper verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory write.
CVE-2021-37020: Improper verification vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-37119: Service logic vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-22374: Out-of-bounds array access in the kernel of some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause stability risks.
CVE-2021-37117: Service logic vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-37116: Input verification vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect product confidentiality and availability.
CVE-2021-37114: Out-of-bounds read vulnerability in some HUAWEI devices
Severity: Low
Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37111: Memory leakage vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause memory exhaustion.
CVE-2021-37110: Timing design defects in some HUAWEI devices
Severity: High
Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37103: Improper permission management vulnerability in the HUAWEI Wallet app
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37093: Improper access control vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37092: Memory leakage vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.
CVE-2021-37075: Credential management vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37056: Improper permission control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may allow attempts to obtain certain device information.
CVE-2021-37054: Identity spoofing and authentication bypass vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37053: Service logic vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause WLAN DoS.
CVE-2021-37052: Exception log vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause address information leakage.
CVE-2021-37051: Out-of-bounds read vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2021-37050: Missing sensitive data encryption vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37049: Heap-based buffer overflow vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.
CVE-2021-37047: Input verification vulnerability in some HUAWEI phones
Severity: Low
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause some services to restart.
CVE-2021-37045: UAF vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.
CVE-2021-37044: Permission control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-37042: Improper verification vulnerability in some HUAWEI devices
Severity: Low
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-37041: Improper verification vulnerability in some HUAWEI devices
Severity: Low
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-37040: Parameter injection vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.
CVE-2021-37038: Improper access control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37021: Improper verification vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-37120: Double free vulnerability in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, Magic UI 3.1.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.
CVE-2021-37121: Configuration defects in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.
CVE-2021-37014: Integer overflow vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect the normal use of the device.
