Huawei released EMUI October 2021 security patch details

Huawei launched the HarmonyOS 2.0 operating system for smartphones in June this year. Following the launch, there are many smartphones and devices that were updated with the HarmonyOS updates in the form of beta and stable. Recently, the 120 million HarmonyOS 2.0 upgrade device milestone has been achieved by the company.

Apart from the HarmonyOS, the company has also upgraded its device security patches. Now, Huawei has officially released the October 2021 EMUI and Magic UI security patch details, the security update includes the CVE (Common Vulnerabilities and Exposures). This security update includes the CVE announced in the September 2021 security bulletin. It includes 1 Critical, 27 High and 2 Medium levels of CVE’s.

According to the track record, the Common Vulnerabilities and Exposures (CVE) system tracks publicly known security vulnerabilities and exposures in publicly released software packages.

This security update includes the CVE announced in the October 2021 Android security bulletin.

Critical: CVE-2021-0687

High: CVE-2021-0644, CVE-2021-0682, CVE-2021-0683, CVE-2021-0684, CVE-2021-0686, CVE-2021-0598, CVE-2021-0688, CVE-2021-0689, CVE-2021-0690, CVE-2021-0595, CVE-2020-26558, CVE-2021-0695, CVE-2021-0680, CVE-2021-0681, CVE-2019-10581, CVE-2021-0518, CVE-2021-30290, CVE-2021-30294, CVE-2021-1941, CVE-2021-1948, CVE-2021-1974, CVE-2021-0869, CVE-2021-30290, CVE-2021-30294, CVE-2021-0685, CVE-2021-0693, CVE-2021-0869

Medium: CVE-2021-1957, CVE-2021-1961

Low: none

Already included in previous updates: CVE-2021-0519, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0515, CVE-2021-0514, CVE-2021-0513, CVE-2021-0571, CVE-2020-0368, CVE-2021-0592, CVE-2021-0577, CVE-2021-0639, CVE-2020-14381, CVE-2021-3347, CVE-2021-1947, CVE-2021-28375

This security update includes the following HUAWEI patches:

CVE-2021-22326: Kernel space read/write vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22319: Improper verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause integer overflows.

CVE-2021-22488: Unauthorized file access vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22481: Verification errors in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22489: DoS vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22469: Out-of-bounds memory read vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause the kernel to crash.

CVE-2021-22460: Boot restriction bypass vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE-2021-22420: Vulnerability of forging package names by implementing the getBasePackageName method in some HUAWEI devices

Severity: High

Affected versions: EMUI 9.1.1, EMUI 9.1.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect the normal use of system apps.

CVE-2021-22475: Improper permission management vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-3506: Out-of-bounds operation vulnerability after rooting in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service stability and integrity.

CVE-2021-37011: Improper verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-22491: Input verification vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-36999: Buffer overflow vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE-2021-36997: Low memory error in some HUAWEI devices due to the unlimited size of images to be parsed

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

CVE-2021-36995: Unauthorized file access vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some HUAWEI devices due to race conditions

Severity: Low

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.

CVE-2021-36991: Unauthorized file access vulnerability in some HUAWEI devices due to unstandardized path input

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.

CVE-2021-36990: Vulnerability of tampering with the kernel in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36989: Kernel crash vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36986: Vulnerability of tampering with the kernel in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-36985: Code injection vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.

CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37013: Permission control vulnerability with the setHdbKey API in HwPackageManagerServiceEx in some EMUI devices

Severity: Low

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-22345: Improper verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory write.

CVE-2021-37020: Improper verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-37119: Service logic vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause WLAN DoS.

CVE-2021-22374: Out-of-bounds array access in the kernel of some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause stability risks.

CVE-2021-37117: Service logic vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause WLAN DoS.

CVE-2021-37116: Input verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect product confidentiality and availability.

CVE-2021-37114: Out-of-bounds read vulnerability in some HUAWEI devices

Severity: Low

Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37111: Memory leakage vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause memory exhaustion.

CVE-2021-37110: Timing design defects in some HUAWEI devices

Severity: High

Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37103: Improper permission management vulnerability in the HUAWEI Wallet app

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37093: Improper access control vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37092: Memory leakage vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.

CVE-2021-37075: Credential management vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37056: Improper permission control vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may allow attempts to obtain certain device information.

CVE-2021-37054: Identity spoofing and authentication bypass vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37053: Service logic vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause WLAN DoS.

CVE-2021-37052: Exception log vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause address information leakage.

CVE-2021-37051: Out-of-bounds read vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2021-37050: Missing sensitive data encryption vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37049: Heap-based buffer overflow vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.

CVE-2021-37047: Input verification vulnerability in some HUAWEI phones

Severity: Low

Affected versions: EMUI 10.1.0, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may cause some services to restart.

CVE-2021-37045: UAF vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.

CVE-2021-37044: Permission control vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service availability.

CVE-2021-37042: Improper verification vulnerability in some HUAWEI devices

Severity: Low

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-37041: Improper verification vulnerability in some HUAWEI devices

Severity: Low

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-37040: Parameter injection vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.

CVE-2021-37038: Improper access control vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37021: Improper verification vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.

CVE-2021-37120: Double free vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 10.1.0, EMUI 10.1.1, Magic UI 3.1.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.

CVE-2021-37121: Configuration defects in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 10.1.0, EMUI 10.0.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.

CVE-2021-37014: Integer overflow vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI11.0.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect the normal use of the device.