News
Huawei fixed these 49 EMUI security issues with July 2021 patch
Huawei’s just-released July 2021 security patch detail reveals that the company has fixed around 49 new EMUI security issues. As per the info, Huawei fixed 49 EMUI issues with July 2021 patch along with 21 high-level, and 28 medium levels of CVEs.
The Chinese tech giant is going all busy nowadays, it has a number of tasks to do and several goals to achieve. The HarmonyOS rollout is still in progress and alongside there are P50 series phones in line, waiting to get unveiled.
Join us on Telegram
Even with these lots of works, the company is still makings some time to roll out the July 2021 security patch for its EMUI powered devices around the world. This must be the reason for the late EMUI bulletin rollout.
Know more about HarmonyOS global rollout here
Though Huawei has already started its work to switch to the new HarmonyOS, there are still many devices outside China that haven’t yet begun the process of HM OS upgrade.
Following Huawei EMUI issue fixed by July 2021 patch
Below are all those 49 EMUI issues that Huawei got fixed with the latest July 2021 security patch. Check out below.
CVE 1:
- CVE-2021-22475: Improper permission management vulnerability in some Huawei phones
- Severity: Low
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 2:
- CVE-2021-22394: Buffer overflow vulnerability in some Huawei devices
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
- Impact: Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.
CVE 3:
- CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.
CVE 4:
- CVE-2021-36996: Improper verification vulnerability in some Huawei devices
- Severity: Low
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may cause transmission of certain virtual information.
CVE 5:
- CVE-2021-36995: Unauthorized file access vulnerability in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE 6:
- CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions
- Severity: Low
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
CVE 7:
- CVE-2021-22367: Logic bypass vulnerability in some Huawei devices
- Severity: High
- Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
- Impact: Successful exploitation of this vulnerability may lead to authentication bypass.
CVE 8:
- CVE-2021-36993: Memory leaks in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may affect service availability.
CVE 9:
- CVE-2021-36992: Public key verification vulnerability in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 10:
- CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.
CVE 11:
- CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE 12:
- CVE-2021-36989: Kernel crash vulnerability in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE 13:
- CVE-2021-36988: Parameter verification issues in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability can affect service integrity.
CVE 14:
- CVE-2021-36987: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
- Severity: High
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE 15:
- CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may escalate permissions.
CVE 16:
- CVE-2021-36985: Code injection vulnerability in some Huawei devices
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.
CVE 17:
- CVE-2021-22491: Input verification vulnerability in some Huawei devices
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may affect service availability.
CVE 18:
- CVE-2021-22490: Permission verification vulnerability in some Huawei phones
- Severity: Low
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
- Impact: Successful exploitation of this vulnerability may affect the device performance.
CVE 19:
- CVE-2021-22488: Unauthorized file access vulnerability in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
CVE 20:
- CVE-2021-22487: Out-of-bounds read vulnerability in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may affect service availability.
CVE 21:
- CVE-2021-22486: Unstandardized field names in some Huawei phones
- Severity: High
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 22:
- CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 23:
- CVE-2021-22483: IP address spoofing vulnerability in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may cause DoS.
CVE 24:
- CVE-2021-22482: Uninitialized variable vulnerability in some Huawei devices
- Severity: Low
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may cause transmission of invalid data.
CVE 25:
- CVE-2021-36998: Improper verification vulnerability in some devices
- Severity: Low
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.
CVE 26:
- CVE-2021-22474: Out-of-bounds memory access in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may cause process exceptions.
CVE 27:
- CVE-2021-22473: Authentication vulnerability in some Huawei devices
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 28:
- CVE-2021-22472: Improper verification vulnerability in some Huawei phones
- Severity: High
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 29:
- CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 30:
- CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE 31:
- CVE-2021-22450: Memory leaks in some Huawei devices due to exceptions when freeing memory
- Severity: High
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.
CVE 32:
- CVE-2021-22436: Logic bypass vulnerability in some Huawei devices
- Severity: High
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE 33:
- CVE-2021-22435: Logic bypass vulnerability in some Huawei devices
- Severity: High
- Affected versions: EMUI 10.1.1, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE 34:
- CVE-2021-22425: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
- Severity: High
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE 35:
- CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
- Severity: High
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE 36:
- CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
- Severity: High
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE 37:
- CVE-2021-22419: Startup verification vulnerability with non-Huawei APKs in some Huawei devices
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may allow knock-off apps to run automatically.
CVE 38:
- CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
- Severity: High
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE 39:
- CVE-2021-22417: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones
- Severity: High
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
CVE 40:
- CVE-2021-22407: Identity verification vulnerability due to unverified server when connecting Huawei phones to a computer via HiSuite
- Severity: Low
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 41:
- CVE-2021-22406: Remote DoS vulnerability with the MeeTime app
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
- Impact: Successful exploitation of this vulnerability will cause the app to exit unexpectedly.
CVE 42:
- CVE-2021-22405: Configuration defects in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may affect service availability.
CVE 43:
- CVE-2021-22404: Directory traversal vulnerability in Huawei phones
- Severity: Low
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 44:
- CVE-2021-22403: Vulnerability of hijacking unverified providers in some Huawei phones
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
- Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
CVE 45:
- CVE-2021-22402: DoS vulnerability in some Huawei phones
- Severity: High
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may cause DoS attacks.
CVE 46:
- CVE-2021-22401: Remote DoS vulnerability in some Huawei phones
- Severity: High
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability can affect service integrity.
CVE 47:
- CVE-2021-22395: Code injection vulnerability in some Huawei devices
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE 48:
- CVE-2021-36999: Buffer overflow vulnerability in some Huawei devices
- Severity: Medium
- Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
- Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.
CVE 49:
- CVE-2021-37000: Improper permission management vulnerability in some Huawei phones
- Severity: High
- Affected versions: EMUI 11.0.0, Magic UI 4.0.0
- Impact: Successful exploitation of this vulnerability may affect service confidentiality.
HarmonyOS 2.0 for global users awaits!
Meanwhile, Huawei is has announced the July 2021 security patch for its EMUI powered devices. The users outside China are still waiting for the HarmonyOS 2.0. Also, the company has not yet officially announced its rollout plan.
We as a speculator can only make you some hopes by giving you the possible estimation, while the actual confirmation will arrive from the company itself. As per our speculations, Huawei might announce its full-proof HarmonyOS global rollout plan by the fourth quarter.
However, looking at the speed of HarmonyOS 2.0 rollout, we can also expect it to arrive earlier than the fourth quarter. In addition, the P50 lineup is coming at July 29 launch event and we might expect some announcement or any further declaration over the global rollout, so let’s just wait and watch.