Huawei News

Huawei released January 2022 EMUI security details

Huawei has officially started the EMUI 12 beta rollout for global devices. Starting with Europe the company has expanded its new EMUI version rapidly and seems to be starting a stable rollout in H1 2022. In terms of security patches, Huawei also focuses on the HarmonyOS update for its eligible devices in a regular manner.

Apart from the EMUI 12 and HarmonyOS, the January 2022 Huawei EMUI security patch is now live and it fixes 2 critical, 12 high levels of CVEs, 47 medium levels of CVEs while there’s no low level of CVEs. The December 2021 security patch (third-party library) also fixes 2 high levels of CVE.

This January 2022 security update includes the following third-party library patches:

This security update includes the CVE announced in the December 2021 Android security bulletin:

Critical: CVE-2021-0967, CVE-2021-0968

High: CVE-2021-0704, CVE-2021-0952, CVE-2021-0954, CVE-2021-0955, CVE-2021-0963, CVE-2021-0964, CVE-2021-0965, CVE-2021-0966, CVE-2021-0970, CVE-2021-0971, CVE-2021-33909, CVE-2021-38204

Advertisement

Medium: CVE-2021-0726, CVE-2021-0849, CVE-2021-0731, CVE-2021-0738, CVE-2021-0761, CVE-2021-0765, CVE-2021-0768, CVE-2021-0770, CVE-2021-0772, CVE-2021-0789, CVE-2021-0803, CVE-2021-0866, CVE-2021-0716, CVE-2021-0855, CVE-2021-0560, CVE-2021-0805, CVE-2021-0779, CVE-2021-0791, CVE-2021-0795, CVE-2021-0838, CVE-2021-0840, CVE-2021-0844, CVE-2021-0796, CVE-2021-0797, CVE-2021-0798, CVE-2021-0804, CVE-2021-0822, CVE-2021-0824, CVE-2021-0886, CVE-2021-0969, CVE-2021-0976, CVE-2021-0992, CVE-2021-0998, CVE-2021-1007, CVE-2021-1009, CVE-2021-1010, CVE-2021-1011, CVE-2021-1012, CVE-2021-1022, CVE-2021-1024, CVE-2021-1030, CVE-2021-1031, CVE-2020-25668, CVE-2021-39636, CVE-2021-39648, CVE-2021-39656, CVE-2021-23134

Low: none

Already included in previous updates: CVE-2020-0368, CVE-2021-0434, CVE-2021-0929, CVE-2021-0794, CVE-2021-0837, CVE-2021-0759, CVE-2020-26139, CVE-2020-11288, CVE-2020-11176, CVE-2020-11291, CVE-2020-11304, CVE-2021-1900, CVE-2021-1925, CVE-2021-1937, CVE-2021-30260, CVE-2021-1914, CVE-2021-1916, CVE-2021-1919, CVE-2021-1920, CVE-2021-1886, CVE-2021-1888, CVE-2021-1889, CVE-2021-1890, CVE-2021-1909, CVE-2021-1923, CVE-2021-1933, CVE-2021-1935, CVE-2021-1946, CVE-2021-1952, CVE-2021-1960, CVE-2021-1971, CVE-2021-30295, CVE-2021-1934, CVE-2021-1913, CVE-2021-1917, CVE-2021-1932, CVE-2021-1936, CVE-2021-1949, CVE-2021-1959, CVE-2021-1984, CVE-2021-1985, CVE-2021-30256, CVE-2021-30257, CVE-2021-30258, CVE-2021-30288, CVE-2021-30291, CVE-2021-30292, CVE-2021-30297, CVE-2021-30302, CVE-2021-30310, CVE-2021-1983

This security update includes the CVE of other third-party library patches:

High: CVE-2021-20322, CVE-2021-3640

Advertisement

This security update includes the following HUAWEI patches:

CVE-2021-40026: Heap-based buffer overflow vulnerability in the AOD module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

Advertisement

CVE-2021-40020: Out-of-bounds array read vulnerability in the security storage module

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-40011: Uncontrolled resource consumption vulnerability in the display module

Advertisement

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40009: Out-of-bounds write vulnerability in the AOD module

Severity: Medium

Advertisement

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40038: Double free vulnerability in the AOD module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40037: Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may cause the system to crash and restart.

Advertisement

CVE-2021-40029: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect function stability.

CVE-2021-40035: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module

Advertisement

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect function stability.

CVE-2021-40031: Null pointer dereference vulnerability in the camera module

Severity: Medium

Advertisement

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40039: Null pointer dereference vulnerability in the camera module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0

Advertisement

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-40004: Improper permission management vulnerability in the cellular module

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Advertisement

Amit

I write about Huawei Latest News, EMUI Updates & more. I am also a fitness freak. For any information, tip or help send me an email at huaweiupdatenews@gmail.com

Recent Posts

Huawei FreeBuds 6i HarmonyOS 4.2.0.216 update rolling out

Huawei has started rolling out the HarmonyOS 4.2.0.216 software update to its FreeBuds 6i wireless…

2 days ago

Huawei AI Life App getting 14.1.1.332 November 2024 update

Huawei AI Life is a unified platform for managing IoT devices. Easily control your Wi-Fi/mobile…

2 days ago

Huawei Browser November 2024 update brings 15.0.7.301 version

Huawei has started rolling out a new update to its Browser App. As per the…

6 days ago

A new update for Huawei Quick App Center is now available

Huawei updated its Quick App Center with version 14.3.1.301. Huawei Quick App Center allows you to…

6 days ago

Huawei HMS Core October 2024 version 6.14.0.322 rolling out

Huawei has started updating its applications to the latest versions. Now adding one more app…

1 week ago

TSMC Halts Shipments to Chinese Firm Sophgo After Chip Found in Huawei Processor

TSMC has halted shipments to Chinese chip designer Sophgo after a chip it manufactured was…

2 weeks ago