These 19 issues on EMUI 11 and 13 other versions got fixed with December 2021 patch

Huawei has released the December 2021 security patch details, which fixes some issues and bugs to provide better system security. In the December 2021 security patch, Huawei has fixed 14 issues found on the EMUI 11.0.0, Magic UI 4.0.0, EMUI 10.1.1, Magic UI 3.1.1, EMUI 11.0.1, EMUI 9.1.0, EMUI 9.1.1, EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, Magic UI 2.1.0, Magic UI 3.0.0, Magic UI 3.1, Magic UI 3.1.0.

This security update includes the following HUAWEI patches:

CVE-2021-37125: Input verification absence in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37069: Race condition vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39993: Integer overflow vulnerability with ACPU

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-39992: Improper security permission configuration vulnerability on ACPU

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-39991: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39986: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39974: Out-of-bounds read in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37133: Unauthorized file access vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39994: Arbitrary address access vulnerability with the product line test code

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE-2021-37118: Man-in-the-middle (MITM) attack vulnerability when using HUAWEI Share in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 9.1.0, EMUI 9.1.1, EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, Magic UI 2.1.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37115: Unauthorized rewriting vulnerability with the memory access management module on ACPU

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37112: Incomplete device version verification vulnerability due to the integrity protection defects of the PC version of HiSuite in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.0.0, Magic UI 9.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-37109: Security protection bypass vulnerability with the modem

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause memory protection failure.

CVE-2021-37107: Improper memory access permission configuration on ACPU

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE-2021-37096: Input verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37074: Race condition vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-39996: Heap-based buffer overflow vulnerability with the NFC module

Severity: High

Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause memory overflow.

CVE-2021-39998: Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 11.0.1, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause the system to crash and restart.

CVE-2021-37043: Vulnerability of not performing strong foreground authentication on the caller in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 9.1.0, EMUI 9.1.1, EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 11.0.1, Magic UI 2.1.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0.

EMUI December 2021 Patch

Join_Huawei_Update_Telegram_Channel

Related Posts

Leave a Comment