Huawei has released the May 2021 security patch details, which fixes many issues and bugs to provide better system security. The May 2021 security patch fixes common vulnerabilities and exposures (CVE) including 3 Criticals, 10 High levels and 4 Medium levels of CVE’s.
In the May 2021 security patch, Huawei has fixes some issues found on the EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1.
This security update includes the following Huawei patches:
CVE-2021-22348: UAF security vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause code to execute.
CVE-2021-22343: Logic bypass vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22351: DoS vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions.
CVE-2021-22350: UAF security vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0,Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause the device to crash and restart.
CVE-2021-22349: DoS vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of insufficient input verification may cause the system to restart.
CVE-2021-22352: Vulnerability of hijacking unverified providers in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
CVE-2021-22347: DoS vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause temporary DoS.
CVE-2021-22346: Improper permission management vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may lead to the disclosure of user habits.
CVE-2021-22345: Improper verification vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory write.
CVE-2021-22344: DoS vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause temporary DoS.
CVE-2021-22353: UAF security vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the kernel to restart.
CVE-2021-22354: Driver type confusion vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-22334: Malicious Wi-Fi construction vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause app redirections.
Related:
