March 2022 EMUI Patch Details
Huawei has officially started the EMUI 12 stable rollout for global devices. In terms of security patches, Huawei also focuses on the HarmonyOS update for its eligible devices in a regular manner.
Apart from the EMUI 12 and HarmonyOS, the March 2022 Huawei EMUI security patch is now live and it fixes 14 high levels of CVEs, 2 medium levels of CVEs while there’s no low level of CVEs. It also fixes the 9 CVEs announced in February 2022.
Critical: none
High: CVE-2020-13112, CVE-2020-13113, CVE-2021-39619, CVE-2021-39663, CVE-2021-39666, CVE-2021-39669, CVE-2021-39674, CVE-2021-39676, CVE-2021-39631, CVE-2021-35068, CVE-2021-35074, CVE-2021-35075, CVE-2021-35077, CVE-2021-35069
Medium: CVE-2021-30324, CVE-2021-30325
Low: none
Already included in previous updates: CVE-2021-39626, CVE-2021-39633, CVE-2021-39634, CVE-2021-0775, CVE-2021-1027, CVE-2021-1028, CVE-2021-1029, CVE-2021-0759, CVE-2021-0852
This security update includes the following HUAWEI patches:
CVE-2021-40054: Integer underflow vulnerability in the atcmdserver module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40011: Uncontrolled resource consumption vulnerability in the display module
Severity: High
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40053: Permission control vulnerability in the Nearby module
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability will affect availability and integrity.
CVE-2021-40052: Incorrect buffer size calculation vulnerability in the video framework
Severity: High
Affected versions: EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40051: Unauthorized access vulnerability in system components
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40050: Out-of-bounds read vulnerability in the IFAA module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause stack overflow.
CVE-2021-40049: Permission control vulnerability in the PMS module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.
CVE-2021-40048: Incorrect buffer size calculation vulnerability in the video framework
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2021-40062: Vulnerability of copying input buffer without checking its size in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40047: Vulnerability of memory not being released after effective lifetime in the Bastet module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40061: Vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2021-40060: Heap-based buffer overflow vulnerability in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40059: Permission control vulnerability in the Wi-Fi module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40058: Heap-based buffer overflow vulnerability in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40057: Heap-based and stack-based buffer overflow vulnerabilities in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40056: Vulnerability of copying input buffer without checking its size in the video framework
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-40063: Improper access control vulnerability in the video module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40064: Heap-based buffer overflow vulnerability in system components
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect system stability.
CVE-2021-40055: Man-in-the-middle attack vulnerability during system update download in recovery mode
Severity: Critical
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
Imagine a future where a national power grid acts more like an organic, self-healing computer…
Huawei Mate 90 Series Sales Date: Flagship Timeline Revealed Early Are you tired of waiting…
Huawei has officially launched its highly anticipated Nova 16 smartphone series in China. The absolute…
Huawei is sending out a brand new software update for its core mobile applications. This…
Huawei is quickly changing the luxury car market. In a massive surprise, the technology giant's…
Huawei recently announced major global partnership with Keyrus for data and AI growth Huawei is…