Huawei News
These 11 issues on EMUI 12 and other versions got fixed with January 2022 patch
Huawei has released the January 2022 security patch details, which fixes some issues and bugs to provide better system security. In the January 2022 security patch, Huawei has fixed 11 issues found on the EMUI 12, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1.
This security update includes the CVE of other third-party library patches:
High: CVE-2021-20322, CVE-2021-3640
This security update includes the following HUAWEI patches:
CVE-2021-40026: Heap-based buffer overflow vulnerability in the AOD module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40020: Out-of-bounds array read vulnerability in the security storage module
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-40011: Uncontrolled resource consumption vulnerability in the display module
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40009: Out-of-bounds write vulnerability in the AOD module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40038: Double free vulnerability in the AOD module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40037: Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause the system to crash and restart.
CVE-2021-40029: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2021-40035: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2021-40031: Null pointer dereference vulnerability in the camera module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40039: Null pointer dereference vulnerability in the camera module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40004: Improper permission management vulnerability in the cellular module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
