Huawei News
These 49 issues on EMUI 11, 10.1, 10, Magic UI 4 and Magic UI 3.1 got fixed with July 2021 security patch
Huawei has released the July 2021 security patch details, which fixes many issues and bugs to provide better system security. The July 2021 security patch fixes common vulnerabilities and exposures (CVE) including 2 Criticals and 13 High levels of CVE’s.
In the July 2021 security patch, Huawei has fixes some issues found on the EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, and Magic UI 3.1.1.
These 49 issues on EMUI 11, 10.1, 10, Magic UI 4 and Magic UI 3.1 got fixed with July 2021 security patch:
CVE-2021-22475: Improper permission management vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22394: Buffer overflow vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.
CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.
CVE-2021-36996: Improper verification vulnerability in some Huawei devices
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause transmission of certain virtual information.
CVE-2021-36995: Unauthorized file access vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
CVE-2021-36993: Memory leaks in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-36992: Public key verification vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.
CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36989: Kernel crash vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36988: Parameter verification issues in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can affect service integrity.
CVE-2021-36987: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE-2021-36985: Code injection vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.
CVE-2021-22491: Input verification vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22490: Permission verification vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect the device performance.
CVE-2021-22488: Unauthorized file access vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE-2021-22487: Out-of-bounds read vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22486: Unstandardized field names in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22483: IP address spoofing vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause DoS.
CVE-2021-22482: Uninitialized variable vulnerability in some Huawei devices
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause transmission of invalid data.
CVE-2021-36998: Improper verification vulnerability in some devices
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.
CVE-2021-22474: Out-of-bounds memory access in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause process exceptions.
CVE-2021-22473: Authentication vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22472: Improper verification vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22450: Memory leaks in some Huawei devices due to exceptions when freeing memory
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.
CVE-2021-22436: Logic bypass vulnerability in some Huawei devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22435: Logic bypass vulnerability in some Huawei devices
Severity: High
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22425: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22419: Startup verification vulnerability with non-Huawei APKs in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may allow knock-off apps to run automatically.
CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22417: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
CVE-2021-22407: Identity verification vulnerability due to unverified server when connecting Huawei phones to a computer via HiSuite
Severity: Low
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22406: Remote DoS vulnerability with the MeeTime app
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability will cause the app to exit unexpectedly.
CVE-2021-22405: Configuration defects in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-22404: Directory traversal vulnerability in Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22403: Vulnerability of hijacking unverified providers in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
CVE-2021-22402: DoS vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause DoS attacks.
CVE-2021-22401: Remote DoS vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect service integrity.
CVE-2021-22395: Code injection vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-36999: Buffer overflow vulnerability in some Huawei devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.
CVE-2021-37000: Improper permission management vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22367: Logic bypass vulnerability in some Huawei devices
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
Huawei’s Mate 70 series of mobile phones was officially unveiled today. The new series of mobile phones are now open for reservation, and the number of reservations has exceeded 560,000 in 20 minutes . It includes three models: standard version, Pro and Pro +, with a total of 8 colors, and the highest memory combination of 16GB+1TB is available.
Huawei Mate 70
Color: Obsidian Black, Snow White, Spruce Green, Hyacinth Purple
Version: 12GB+256GB, 12GB+512GB and 12GB+1TB
Huawei Mate 70 Pro
Color
Obsidian Black
Snow White
Spruce Green
Hyacinth Purple
Version
12GB+256GB
12GB+512GB
12GB+1TB
Huawei Mate 70 Pro+
Color
Ink Black
Feather White
Gold and Silver Brocade
Flying Blue
Version
16GB+512GB
16GB+1TB
Huawei Mate 70
Screen: about 6.69 inches | 1.5K straight screen
Security: Side fingerprint | Face recognition solution to be determined
Image: Centered large circular triple-camera module | 50Mp 1/1.5″ large-bottom variable aperture + 12Mp 5X periscope telephoto
Battery: Support wireless charging
Protection: “High standard dust and water resistance”
Huawei Mate 70 Pro
Screen: 6.88 inches | 1.5K 120Hz quad-curved screen
Security: Support ToF 3D face recognition + side fingerprint
Image: 50Mp± 1/1.3″ large-bottom main camera (with variable aperture) + 50Mp± 1/2.5″± 3.5X± periscope telephoto macro
Battery: less than 6000mAh | Wired charging + wireless charging
Protection: Support dustproof and waterproof.
Huawei announced that it will launch the Huawei Service Rewards Promotion starting November 11. Users can enjoy service benefits such as 12% off on spare parts, 50 yuan off for battery replacement, and free labor costs for repairs.
Event Time
November 11, 2024 – December 31, 2024
Service Content
12% off on spare parts
Get 50 yuan off when you replace your battery.
Huawei Sound X4 smart speaker was launched on Huawei Mall, and full pre-sale started on the same day, and the first sale of the new product started at 20:00 on October 31.
The smart speaker is available in two colors: Rhythmic Black and Dynamic White, priced at 2199 yuan and 2599 yuan respectively.
The speaker contains eight units, including 1 woofer, 4 mid-range speakers, 1 tweeter and 2 passive radiators . Officials said that the high, medium and low frequency units work within their respective frequency response ranges, giving full play to the advantages of each unit. A HUAWEI Sound X4 can bring “symphony orchestra-like” sound effects.
The speaker has obtained Hi-Res high-definition sound quality certification, which can provide more sound details and also perceive the spatial sense of the sound. Its subwoofer has a power of 50W and is also equipped with 2 passive radiators. The low frequency dives to 36Hz and has a 25mm stroke.
In addition, its high-frequency unit has a power of 3W and the mid-frequency unit has a power of 5W, and they use pure titanium diaphragm and self-developed mica fiber diaphragm respectively.
The speaker is equipped with Huawei SOUND bass enhancement algorithm, which can actively control the vibration of the speaker, reduce distortion, improve the transient response of low frequency, and achieve deep and powerful low frequency performance. It adopts Sym-Pole mirror design to offset vibration noise and bring rich bass.
In addition, it supports control methods such as one-touch, one-cover, and two-tap, which can respectively complete operations such as lighting, muting, and turning off the lights. The speaker also supports intelligent recognition of spatial structure, emitting sound waves to detect the room structure and receiving feedback, and can automatically match the sound effect scheme in the spatial scene.