Huawei has officially started the EMUI 12 stable rollout for global devices. In terms of security patches, Huawei also focuses on the HarmonyOS update for its eligible devices in a regular manner.
Apart from the EMUI 12 and HarmonyOS, the April 2022 Huawei EMUI security patch is now live and it fixes 19 High levels, and 9 mediums while there are no low levels of CVEs.
This security update includes the CVE announced in the March 2022 Android security bulletin:
Critical: none
High: CVE-2021-39624, CVE-2021-39667, CVE-2021-39692, CVE-2021-39695, CVE-2021-39697, CVE-2021-39703, CVE-2021-39704, CVE-2021-39706, CVE-2021-39707, CVE-2021-39686, CVE-2021-35105, CVE-2022-20053, CVE-2021-39698, CVE-2021-39685, CVE-2021-3655, CVE-2021-35088, CVE-2021-35103, CVE-2021-35106, CVE-2021-35117
Medium: CVE-2021-30299, CVE-2021-33624, CVE-2021-37159, CVE-2021-39711, CVE-2021-39714, CVE-2021-39792, CVE-2021-41864, CVE-2021-43975, CVE-2021-22600
Low: none
Already included in previous updates: CVE-2021-40490, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890, CVE-2021-40148, CVE-2021-0987, CVE-2021-1005, CVE-2021-1014, CVE-2021-1015
This security update includes the following HUAWEI patches:
CVE-2022-22258: Event notification vulnerability in the Wi-Fi module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause third-party apps to intercept and add information and result in elevation-of-privilege.
CVE-2022-22257: Vulnerability of improper permission control in the customization framework
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect integrity.
CVE-2022-22256: Vulnerability of improper access control in the DFX module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-22255: Common DoS vulnerability in the application framework
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-22254: Permission bypass vulnerability when the CAs in the NFC module accesses the TEE
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-22253: Vulnerability of improper validation of integrity check values in the DFX module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect system stability.
CVE-2022-22252: UAF vulnerability in the DFX module
Severity: Critical
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect system stability.
CVE-2021-46742: Unauthorized insertion and tampering of settings secure data in the multi-window module.
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-46740: Vulnerability of defects being introduced in the design process in the device authentication service module
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2021-40065: Service logic error vulnerability in the communication module
Severity: High
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
According to the official information, the Huawei released the delisting announcement of its Petal Mail…
Huawei has started rolling out the new November 2024 app update to its Health Application.…
Huawei released the Mate 70 series of mobile phones, with a starting price of 5,499…
Huawei officially announced the new FreeBuds Pro 4 headphones. This is the first TWS headset…
Huawei's Mate 70 series of mobile phones was officially unveiled today. The new series of…
According to the latest information, the Chinese tech giant Huawei is said to launch the…