January 2022 EMUI security patch fixes these 11 privacy issues

Huawei has recently debuted its latest January 2022 EMUI security patch details that bring fixes of several common vulnerabilities and exposures. Currently, the Chinese tech maker is rolling out December 2021 security patch but it will soon dispatch the latest security improvements via OTA.

Alongside new product unveiling, Huawei is also good at taking care of its previously launched device and user data security. The company delivers regular firmware updates that include security, system stability optimizations, and more to improve overall device performance.

So, What are the fixes with January 2022 EMUI security patch?

Well, January 2022 EMUI security patch fixes 4 critical, 12 high, and 47 medium levels of CVEs for improved system security. Additionally, it also resolves 2 high levels of CVE in third-party libraries.

In addition to this, Huawei has also resolved some hidden privacy issues with January 2022 patch that was found in the latest EMUI software versions. To be mentioned, these privacy issues are very harmful to the system because they can enhance the possibility of data leakage and device hacking.

With monthly security patches, Huawei fixes the hidden privacy issue and lowers down the risk. The January 2022 security patch resolves 11 issues for users’ safety. You can check the solved CVE details, severity level, impact, and more detailed below.

January 2022 EMUI issues

The January 2022 security update fixed the following EMUI issues:

CVE 1:

  • CVE-2021-40026: Heap-based buffer overflow vulnerability in the AOD module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE 2:

  • CVE-2021-40020: Out-of-bounds array read vulnerability in the security storage module
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 3:

  • CVE-2021-40011: Uncontrolled resource consumption vulnerability in the display module
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE 4:

  • CVE-2021-40009: Out-of-bounds write vulnerability in the AOD module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE 5:

  • CVE-2021-40038: Double free vulnerability in the AOD module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE 6:

  • CVE-2021-40037: Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
  • Impact: Successful exploitation of this vulnerability may cause the system to crash and restart.

CVE 7:

  • CVE-2021-40029: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
  • Impact: Successful exploitation of this vulnerability may affect function stability.

CVE 8:

  • CVE-2021-40035: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
  • Impact: Successful exploitation of this vulnerability may affect function stability.

CVE 9:

  • CVE-2021-40031: Null pointer dereference vulnerability in the camera module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE 10:

  • CVE-2021-40039: Null pointer dereference vulnerability in the camera module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE 11:

  • CVE-2021-40004: Improper permission management vulnerability in the cellular module
  • Severity: Medium
  • Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

The post January 2022 EMUI security patch fixes these 11 privacy issues appeared first on Huawei Central.


Post a Comment

0 Comments