Huawei has recently shared information regarding the HarmonyOS 3 beta. Now, the Chinese tech giant also shared the security patch details for the month of July 2022.
In July 2022 EMUI security patch details, Huawei fixes 2 critical, 12 High levels, and 18 medium levels of CVEs while there are no low levels of CVEs.
You might also like
This security update includes the CVE announced in the June 2022 Android security bulletin:
Critical: CVE-2022-20130, CVE-2022-20145
High: CVE-2021-39691, CVE-2022-20006, CVE-2022-20134, CVE-2022-20135, CVE-2022-20142, CVE-2022-20143, CVE-2022-20141, CVE-2021-4154, CVE-2022-25375, CVE-2022-24958, CVE-2022-25258, CVE-2022-20132
Medium: CVE-2021-39806, CVE-2022-20197, CVE-2022-20201, CVE-2022-20202, CVE-2021-35118, CVE-2021-20268, CVE-2021-20321, CVE-2021-35121, CVE-2021-3635, CVE-2021-3715, CVE-2021-3743, CVE-2021-3753, CVE-2021-38160, CVE-2022-0492, CVE-2022-20148, CVE-2022-20166, CVE-2022-26966, CVE-2021-35119
Low: none
Already included in previous updates:CVE-2021-39803, CVE-2022-20007, CVE-2022-20109, CVE-2022-20110, CVE-2020-11307, CVE-2021-30264, CVE-2020-11263, CVE-2021-1894, CVE-2021-30272, CVE-2021-30274, CVE-2021-30275, CVE-2021-30278, CVE-2021-30279, CVE-2021-30282
This security update includes the following HUAWEI patches:
CVE-2021-40016: Improper permission control vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-46741: Vulnerability of defects being introduced in the design process in the basic framework and settings module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will affect integrity.
CVE-2021-40012: Vulnerability of pointers being incorrectly used during data transmission in the video framework
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-31751: Multi-thread competition for resources in the kernel emcom module
Severity: Critical
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.1, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2021-40013: Improper permission control vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect integrity.
CVE-2022-34737: Incorrect permission assignment vulnerability in the application security module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2022-31755: Improper preservation of permissions vulnerability in the communications module
Severity: Medium
Affected versions: EMUI 11.0.1
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-34736: Null pointer vulnerability in the frame scheduling module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2022-34735: Null pointer vulnerability in the frame scheduling module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2022-34739: Addition overflow vulnerability in the fingerprint sensor module
Severity: High
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause the data of unknown addresses to be obtained from the address mapping.
CVE-2022-34742: Read/Write vulnerability in system components
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-34740: Buffer overflow vulnerability in the NFC module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
CVE-2022-34741: Buffer overflow vulnerability in the NFC module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
CVE-2022-31762: Input verification vulnerability in the AMS module
Severity: Medium
Affected versions: EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will cause unauthorized operations.
CVE-2022-34743: Out-of-bounds read vulnerability in the AT commands of the USB port
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-34738: Permission control vulnerability in the SystemUI module
Severity: Medium
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will cause the service running in the background being unable to be perceived by the user.
