March 2022 EMUI Patch Details
Huawei has officially started the EMUI 12 stable rollout for global devices. In terms of security patches, Huawei also focuses on the HarmonyOS update for its eligible devices in a regular manner.
Apart from the EMUI 12 and HarmonyOS, the March 2022 Huawei EMUI security patch is now live and it fixes 14 high levels of CVEs, 2 medium levels of CVEs while there’s no low level of CVEs. It also fixes the 9 CVEs announced in February 2022.
Critical: none
High: CVE-2020-13112, CVE-2020-13113, CVE-2021-39619, CVE-2021-39663, CVE-2021-39666, CVE-2021-39669, CVE-2021-39674, CVE-2021-39676, CVE-2021-39631, CVE-2021-35068, CVE-2021-35074, CVE-2021-35075, CVE-2021-35077, CVE-2021-35069
Medium: CVE-2021-30324, CVE-2021-30325
Low: none
Already included in previous updates: CVE-2021-39626, CVE-2021-39633, CVE-2021-39634, CVE-2021-0775, CVE-2021-1027, CVE-2021-1028, CVE-2021-1029, CVE-2021-0759, CVE-2021-0852
This security update includes the following HUAWEI patches:
CVE-2021-40054: Integer underflow vulnerability in the atcmdserver module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40011: Uncontrolled resource consumption vulnerability in the display module
Severity: High
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40053: Permission control vulnerability in the Nearby module
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability will affect availability and integrity.
CVE-2021-40052: Incorrect buffer size calculation vulnerability in the video framework
Severity: High
Affected versions: EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40051: Unauthorized access vulnerability in system components
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40050: Out-of-bounds read vulnerability in the IFAA module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause stack overflow.
CVE-2021-40049: Permission control vulnerability in the PMS module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.
CVE-2021-40048: Incorrect buffer size calculation vulnerability in the video framework
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2021-40062: Vulnerability of copying input buffer without checking its size in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40047: Vulnerability of memory not being released after effective lifetime in the Bastet module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40061: Vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40060: Heap-based buffer overflow vulnerability in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40059: Permission control vulnerability in the Wi-Fi module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40058: Heap-based buffer overflow vulnerability in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40057: Heap-based and stack-based buffer overflow vulnerabilities in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40056: Vulnerability of copying input buffer without checking its size in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40063: Improper access control vulnerability in the video module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40064: Heap-based buffer overflow vulnerability in system components
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect system stability.
CVE-2021-40055: Man-in-the-middle attack vulnerability during system update download in recovery mode
Severity: Critical
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
Okay, so you're sitting in your favorite café, scrolling through Instagram, and suddenly your WiFi…
Your Huawei phone won't charge. You plug it in, nothing happens. Before you panic or…
Locked out of your Huawei phone? Don't panic. Whether you've forgotten your password, PIN, pattern,…
Is your Huawei phone dying in just a few hours? You're not alone. Battery drain…
Huawei is getting ready to release a new super-thin phone called the Mate 70 Air.…
Tipster Digital Chat Station has confirmed that the Chinese tech giant Huawei will release new…