CVE Issues on May 2021 EMUI Security Patch
Huawei has released the May 2021 security patch details, which fixes many issues and bugs to provide better system security. The May 2021 security patch fixes common vulnerabilities and exposures (CVE) including 3 Criticals, 10 High levels and 4 Medium levels of CVE’s.
In the May 2021 security patch, Huawei has fixes some issues found on the EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1.
This security update includes the following Huawei patches:
CVE-2021-22348: UAF security vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause code to execute.
CVE-2021-22343: Logic bypass vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22351: DoS vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions.
CVE-2021-22350: UAF security vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0,Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause the device to crash and restart.
CVE-2021-22349: DoS vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of insufficient input verification may cause the system to restart.
CVE-2021-22352: Vulnerability of hijacking unverified providers in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
CVE-2021-22347: DoS vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause temporary DoS.
CVE-2021-22346: Improper permission management vulnerability in some Huawei phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may lead to the disclosure of user habits.
CVE-2021-22345: Improper verification vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory write.
CVE-2021-22344: DoS vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause temporary DoS.
CVE-2021-22353: UAF security vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause the kernel to restart.
CVE-2021-22354: Driver type confusion vulnerability in some Huawei phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds read.
CVE-2021-22334: Malicious Wi-Fi construction vulnerability in some Huawei phones
Severity: Medium
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause app redirections.
Related:
Huawei announced that it will launch the Huawei Service Rewards Promotion starting November 11. Users…
Huawei has started rolling out the HarmonyOS 4.2.0.216 software update to its FreeBuds 6i wireless…
Huawei AI Life is a unified platform for managing IoT devices. Easily control your Wi-Fi/mobile…
Huawei has started rolling out a new update to its Browser App. As per the…
Huawei updated its Quick App Center with version 14.3.1.301. Huawei Quick App Center allows you to…
Huawei has started updating its applications to the latest versions. Now adding one more app…