EMUI
October 2021 Huawei EMUI Security details comes in advance
Huawei has released the October 2021 EMUI/Magic UI security patch details for its various devices in advance. It’s quite impressive that the company is more focused on its monthly updates and announced it early, which is not the case with previous patches.
This latest update contains monthly Android and Huawei patches for addressing some known bugs in the system. After, the installation of this monthly security patch it’ll stabilize the performance of the devices and keep them protected from some external and internal threads.
Moving with the update release note, the October 2021 EMUI security patch brings 46 fixes address by Google and 56 fixes address by the manufacturer Huawei. However, the company is still sending the September 2021 security release note to different regions.
Besides, this Chinese phone maker also published the HarmonyOS security patch details for September 2021. At the same time, it also started to roll out this update for various devices on HarmonyOS 2.0 by the start of this month.
And now, let talk about the October 2021 EMUI/Magic UI security patch containing the fixes released by Huawei and Google.
Android Security Patches:
There’s a total of 46 CVE, among them, there’s one critical level, 27 are of high level, and 2 medium level CVE fixes. In addition, 16 CVEs were already included in previously released fixes. You can check the details below-
- Critical: CVE-2021-0687
- High: CVE-2021-0644, CVE-2021-0682, CVE-2021-0683, CVE-2021-0684, CVE-2021-0686, CVE-2021-0598, CVE-2021-0688, CVE-2021-0689, CVE-2021-0690, CVE-2021-0595, CVE-2020-26558, CVE-2021-0695, CVE-2021-0680, CVE-2021-0681, CVE-2019-10581, CVE-2021-0518, CVE-2021-30290, CVE-2021-30294, CVE-2021-1941, CVE-2021-1948, CVE-2021-1974, CVE-2021-0869, CVE-2021-30290, CVE-2021-30294, CVE-2021-0685, CVE-2021-0693, CVE-2021-0869
- Medium: CVE-2021-1957, CVE-2021-1961
- Already included in previous updates: CVE-2021-0519, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0515, CVE-2021-0514, CVE-2021-0513, CVE-2021-0571, CVE-2020-0368, CVE-2021-0592, CVE-2021-0577, CVE-2021-0639, CVE-2020-14381, CVE-2021-3347, CVE-2021-1947, CVE-2021-28375
Huawei Security Patches:
Huawei has acknowledged a total of 56 CVEs with the October 2021 EMUI/Magic UI security patch for Huawei and Honor devices. Furthermore, the latest fixes include 37 Medium, 13 high, and 6 low levels of CVEs. Scroll down for detailed information.
- CVE-2021-22326: Kernel space read/write vulnerability [Medium Severity]
- CVE-2021-22319: Improper verification vulnerability [Medium Severity]
- CVE-2021-22488: Unauthorized file access vulnerability [Medium Severity]
- CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices [Medium Severity]
- CVE-2021-22481: Verification errors [Medium Severity]
- CVE-2021-22489: DoS vulnerability [Medium Severity]
- CVE-2021-22469: Out-of-bounds memory read vulnerability [Medium Severity]
- CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones [Medium Severity]
- CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices [Medium Severity]
- CVE-2021-22420: Vulnerability of forging package names by implementing the getBasePackageName method in some Huawei devices [High Severity]
- CVE-2021-22475: Improper permission management vulnerability [Medium Severity]
- CVE-2021-3506: Out-of-bounds operation vulnerability after rooting in some Huawei phones [High Severity]
- CVE-2021-37011: Improper verification vulnerability [High Severity]
- CVE-2021-22491: Input verification vulnerability [Medium Severity]
- CVE-2021-36999: Buffer overflow vulnerability [Medium Severity]
- CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed [Medium Severity]
- CVE-2021-36995: Unauthorized file access vulnerability [Medium Severity]
- CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions [Low Severity]
- CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input [Medium Severity]
- CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones [Medium Severity]
- CVE-2021-36989: Kernel crash vulnerability [Medium Severity]
- CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones [Medium Severity]
- CVE-2021-36985: Code injection vulnerability [Medium Severity]
- CVE-2021-22370: Improper verification vulnerability [High Severity]
- CVE-2021-37013: Permission control vulnerability with the setHdbKey API in HwPackageManagerServiceEx in some EMUI devices [Low Severity]
- CVE-2021-22345: Improper verification vulnerability [Medium Severity]
- CVE-2021-37020: Improper verification vulnerability [High Severity]
- CVE-2021-37119: Service logic vulnerability [Medium Severity]
- CVE-2021-22374: Out-of-bounds array access in the kernel of some Huawei phones [Medium Severity]
- CVE-2021-37117: Service logic vulnerability [Medium Severity]
- CVE-2021-37116: Input verification vulnerability [High Severity]
- CVE-2021-37114: Out-of-bounds read vulnerability [Low Severity]
- CVE-2021-37111: Memory leakage vulnerability [Medium Severity]
- CVE-2021-37110: Timing design defects [High Severity]
- CVE-2021-37103: Improper permission management vulnerability in the Huawei Wallet app [Medium Severity]
- CVE-2021-37093: Improper access control vulnerability [High Severity]
- CVE-2021-37092: Memory leakage vulnerability [Medium Severity]
- CVE-2021-37075: Credential management vulnerability [High Severity]
- CVE-2021-37056: Improper permission control vulnerability [Medium Severity]
- CVE-2021-37054: Identity spoofing and authentication bypass vulnerability [Medium Severity]
- CVE-2021-37053: Service logic vulnerability in some HUAWEI devices [Medium Severity]
- CVE-2021-37052: Exception log vulnerability High Severity]
- CVE-2021-37051: Out-of-bounds read vulnerability [Medium Severity]
- CVE-2021-37050: Missing sensitive data encryption vulnerability [High Severity]
- CVE-2021-37049: Heap-based buffer overflow vulnerability [Medium Severity]
- CVE-2021-37047: Input verification vulnerability [Low Severity]
- CVE-2021-37045: UAF vulnerability [High Severity]
- CVE-2021-37044: Permission control vulnerability [Medium Severity]
- CVE-2021-37042: Improper verification vulnerability [Low Severity]
- CVE-2021-37041: Improper verification vulnerability [Low Severity]
- CVE-2021-37040: Parameter injection vulnerability [Medium Severity]
- CVE-2021-37038: Improper access control vulnerability [Medium Severity]
- CVE-2021-37021: Improper verification vulnerability [Medium Severity]
- CVE-2021-37120: Double free vulnerability [High Severity]
- CVE-2021-37121: Configuration defects in some [Medium Severity]
- CVE-2021-37014: Integer overflow vulnerability [Medium Severity]
Availability:
At present, the company is only releasing the September security patch for Global and domestic users. The October Security patch is yet to roll out for the users. However, looking at the focus of the company, it’ll soon start the rollout process, we’ll keep to posted further. Until then, Stay connected with us.