Huawei News

Huawei released January 2022 EMUI security details

January 2022 EMUI Security Details

Huawei has officially started the EMUI 12 beta rollout for global devices. Starting with Europe the company has expanded its new EMUI version rapidly and seems to be starting a stable rollout in H1 2022. In terms of security patches, Huawei also focuses on the HarmonyOS update for its eligible devices in a regular manner.

Apart from the EMUI 12 and HarmonyOS, the January 2022 Huawei EMUI security patch is now live and it fixes 2 critical, 12 high levels of CVEs, 47 medium levels of CVEs while there’s no low level of CVEs. The December 2021 security patch (third-party library) also fixes 2 high levels of CVE.

This January 2022 security update includes the following third-party library patches:

This security update includes the CVE announced in the December 2021 Android security bulletin:

Advertisement

Critical: CVE-2021-0967, CVE-2021-0968

High: CVE-2021-0704, CVE-2021-0952, CVE-2021-0954, CVE-2021-0955, CVE-2021-0963, CVE-2021-0964, CVE-2021-0965, CVE-2021-0966, CVE-2021-0970, CVE-2021-0971, CVE-2021-33909, CVE-2021-38204

Medium: CVE-2021-0726, CVE-2021-0849, CVE-2021-0731, CVE-2021-0738, CVE-2021-0761, CVE-2021-0765, CVE-2021-0768, CVE-2021-0770, CVE-2021-0772, CVE-2021-0789, CVE-2021-0803, CVE-2021-0866, CVE-2021-0716, CVE-2021-0855, CVE-2021-0560, CVE-2021-0805, CVE-2021-0779, CVE-2021-0791, CVE-2021-0795, CVE-2021-0838, CVE-2021-0840, CVE-2021-0844, CVE-2021-0796, CVE-2021-0797, CVE-2021-0798, CVE-2021-0804, CVE-2021-0822, CVE-2021-0824, CVE-2021-0886, CVE-2021-0969, CVE-2021-0976, CVE-2021-0992, CVE-2021-0998, CVE-2021-1007, CVE-2021-1009, CVE-2021-1010, CVE-2021-1011, CVE-2021-1012, CVE-2021-1022, CVE-2021-1024, CVE-2021-1030, CVE-2021-1031, CVE-2020-25668, CVE-2021-39636, CVE-2021-39648, CVE-2021-39656, CVE-2021-23134

Advertisement

Low: none

Already included in previous updates: CVE-2020-0368, CVE-2021-0434, CVE-2021-0929, CVE-2021-0794, CVE-2021-0837, CVE-2021-0759, CVE-2020-26139, CVE-2020-11288, CVE-2020-11176, CVE-2020-11291, CVE-2020-11304, CVE-2021-1900, CVE-2021-1925, CVE-2021-1937, CVE-2021-30260, CVE-2021-1914, CVE-2021-1916, CVE-2021-1919, CVE-2021-1920, CVE-2021-1886, CVE-2021-1888, CVE-2021-1889, CVE-2021-1890, CVE-2021-1909, CVE-2021-1923, CVE-2021-1933, CVE-2021-1935, CVE-2021-1946, CVE-2021-1952, CVE-2021-1960, CVE-2021-1971, CVE-2021-30295, CVE-2021-1934, CVE-2021-1913, CVE-2021-1917, CVE-2021-1932, CVE-2021-1936, CVE-2021-1949, CVE-2021-1959, CVE-2021-1984, CVE-2021-1985, CVE-2021-30256, CVE-2021-30257, CVE-2021-30258, CVE-2021-30288, CVE-2021-30291, CVE-2021-30292, CVE-2021-30297, CVE-2021-30302, CVE-2021-30310, CVE-2021-1983

This security update includes the CVE of other third-party library patches:

Advertisement

High: CVE-2021-20322, CVE-2021-3640

This security update includes the following HUAWEI patches:

CVE-2021-40026: Heap-based buffer overflow vulnerability in the AOD module

Advertisement

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

Advertisement

CVE-2021-40020: Out-of-bounds array read vulnerability in the security storage module

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-40011: Uncontrolled resource consumption vulnerability in the display module

Severity: High

Advertisement

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40009: Out-of-bounds write vulnerability in the AOD module

Advertisement

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

Advertisement

CVE-2021-40038: Double free vulnerability in the AOD module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40037: Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem

Severity: Medium

Advertisement

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause the system to crash and restart.

CVE-2021-40029: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module

Advertisement

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect function stability.

Advertisement

CVE-2021-40035: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect function stability.

CVE-2021-40031: Null pointer dereference vulnerability in the camera module

Severity: Medium

Advertisement

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40039: Null pointer dereference vulnerability in the camera module

Advertisement

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

Advertisement

CVE-2021-40004: Improper permission management vulnerability in the cellular module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Min

Min En specializes in smartphone reviews, EMUI/HarmonyOS coverage, and mobile industry analysis. His in-depth knowledge of Huawei's ecosystem, from flagship devices to emerging technologies, makes him a trusted voice in the tech community.

Leave a Comment
Share
Published by
Min
Tags: EMUIEMUI updatesHuaweiJanuary 2022 HuaweiJanuary 2022 Huawei EMUI patchJanuary 2022 Huawei EMUI security patchJanuary 2022 Huawei newsJanuary 2022 Huawei Updates
4 years ago

Recent Posts

Why Your Huawei Phone WiFi Keeps Disconnecting (And How I Fixed It)

Okay, so you're sitting in your favorite café, scrolling through Instagram, and suddenly your WiFi…

22 hours ago

Huawei Phone Not Charging? 9 Complete Fixes

Your Huawei phone won't charge. You plug it in, nothing happens. Before you panic or…

6 days ago

How to Unlock Huawei Phone: Key Methods Without Data Loss

Locked out of your Huawei phone? Don't panic. Whether you've forgotten your password, PIN, pattern,…

1 week ago

Huawei Phone Battery Drain Fix: Complete Troubleshooting Guide (2026)

Is your Huawei phone dying in just a few hours? You're not alone. Battery drain…

1 week ago

Huawei Mate 70 Air shows up in a promotional photo

Huawei is getting ready to release a new super-thin phone called the Mate 70 Air.…

5 months ago

Huawei Mate 80 series latest Information

Tipster Digital Chat Station has confirmed that the Chinese tech giant Huawei will release new…

6 months ago