Huawei released February 2022 security patch details - HU

Huawei News

Huawei released February 2022 security patch details

Published

4 years ago

on

Huawei has officially started the EMUI 12 stable rollout for global devices. In terms of security patches, Huawei also focuses on the HarmonyOS update for its eligible devices in a regular manner.

Apart from the EMUI 12 and HarmonyOS, the February 2022 Huawei EMUI security patch is now live and it fixes 7 high levels of CVEs, 1 medium level of CVEs while there’s no low level of CVEs. It also fixes the 27 CVE’s announced in January 2022.

Advertisement

This security update includes the CVE announced in the January 2022 Android security bulletin:

Critical: none

Advertisement

High: CVE-2021-39620, CVE-2021-39623, CVE-2021-39629, CVE-2021-39632, CVE-2021-39659, CVE-2021-30353, CVE-2021-30319

Medium: CVE-2021-30313

Advertisement

Low: none

Already included in previous updates: CVE-2021-0956, CVE-2021-0769, CVE-2021-0978, CVE-2021-0979, CVE-2021-0981, CVE-2021-0993, CVE-2021-0996, CVE-2021-0997, CVE-2021-1001, CVE-2021-1002, CVE-2021-1003, CVE-2021-1016, CVE-2021-1017, CVE-2021-1018, CVE-2021-1019, CVE-2021-1023, CVE-2021-1025, CVE-2021-39657, CVE-2021-30262, CVE-2021-0675, CVE-2021-0961, CVE-2021-0922, CVE-2020-0347, CVE-2021-0717, CVE-2021-1030, CVE-2021-1031, CVE-2021-0977.

Advertisement

This security update includes the CVE of other third-party library patches:

Critical: CVE-2021-3760

Advertisement

High: CVE-2021-0356, CVE-2021-0359, CVE-2021-0360, CVE-2021-0358, CVE-2021-0357, CVE-2021-32484, CVE-2021-32485, CVE-2021-32486, CVE-2021-32487

This security update includes the following HUAWEI patches:

Advertisement

CVE-2021-39991: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Advertisement

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Advertisement

CVE-2021-39986: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Advertisement

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Advertisement

CVE-2021-37115: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Advertisement

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Advertisement

CVE-2021-37109: Security protection bypass vulnerability with the modem

Severity: High

Advertisement

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause memory protection failure.

Advertisement

CVE-2021-40044: Permission verification vulnerability in the Bluetooth module

Severity: Medium

Advertisement

Affected versions: EMUI12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause unauthorized operations.

Advertisement

CVE-2021-40015: Race condition vulnerability in the binder driver subsystem in the kernel

Severity: Medium

Advertisement

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect kernel stability.

Advertisement

CVE-2021-39992: Improper security permission configuration vulnerability on ACPU

Severity: High

Advertisement

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Advertisement

CVE-2021-39997: Vulnerability of unstrict input parameter verification in the audio assembly

Severity: High

Advertisement

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

Advertisement

CVE-2021-39994: Arbitrary address access vulnerability with the product line test code

Severity: High

Advertisement

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

Advertisement

CVE-2021-40045: Vulnerability of signature verification mechanism failure in system upgrade through recovery mode

Severity: High

Advertisement

Affected versions: EMUI12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Advertisement

CVE-2021-37107: Improper memory access permission configuration on ACPU

Severity: High

Advertisement

Affected versions: EMUI12.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

Advertisement

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular

Exit mobile version