CVE-2021-37038: September
There is an improper access control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
HUAWEI is releasing monthly security updates for flagship models. This security update includes Android and HUAWEI patches:
This security update includes the CVEs announced in the Android security bulletin:
Critical: CVE-2021-1976, CVE-2021-1972
High: CVE-2021-0591, CVE-2021-0593, CVE-2021-0640, CVE-2021-0641, CVE-2021-0642, CVE-2021-0646, CVE-2021-0584, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-1978, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-0582, CVE-2021-0578
Medium: none
Low: none
Already included in previous updates: CVE-2019-9239, CVE-2019-9238, CVE-2019-9309, CVE-2021-1965, CVE-2021-1943, CVE-2021-1945, CVE-2021-1954, CVE-2021-1964
※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the following HUAWEI patches:
CVE-2021-22450: Memory leaks in some HUAWEI devices due to exceptions when freeing memory
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.
CVE-2021-22323: Memory leaks and out-of-bounds access vulnerabilities in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
CVE-2021-37051: Out-of-bounds read vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.
CVE-2021-37050: Missing sensitive data encryption vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37049: Heap-based buffer overflow vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.
CVE-2021-37047: Input verification vulnerability in some HUAWEI phones
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause some services to restart.
CVE-2021-37046: Memory leak vulnerability with the codec detection module in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion.
CVE-2021-37045: UAF vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.
CVE-2021-37044: Permission control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-37040: Parameter injection vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.
CVE-2021-37039: Input verification vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause Bluetooth DoS.
CVE-2021-37038: Improper access control vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37037: Invalid address access vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause the device to restart.
CVE-2021-37027: DoS vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-37013: Permission control vulnerability with the setHdbKey API in HwPackageManagerServiceEx in some EMUI devices
Severity: Low
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service availability.
CVE-2021-37009: Multi-user settings vulnerability in the system components of some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37000: Improper permission management vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-36987: Nodes in the linked list being freed multiple times in some HUAWEI devices due to race conditions
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE-2021-3506: Out-of-bounds operation vulnerability after rooting in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service stability and integrity.
CVE-2021-33909: Privilege escalation vulnerability in the file system components of some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22486: Unstandardized field names in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37052: Exception log vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may cause address information leakage.
CVE-2021-22437: Software integer overflow leading to a TOCTOU condition in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause random address access.
CVE-2021-22436: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22435: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.
CVE-2021-22434: Memory address out of bounds vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.
CVE-2021-22432: Vulnerability when configuring permission isolation in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2021-22431: Vulnerability when configuring permission isolation in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.
CVE-2021-22425: Nodes in the linked list being freed multiple times in some HUAWEI devices due to race conditions
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability can cause the system to restart.
CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some HUAWEI devices
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.
CVE-2021-22376: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability, and integrity.
CVE-2021-22372: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22371: Allowing arbitrary capture of call stacks in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-22369: Memory leaks and out-of-bounds access vulnerabilities in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
CVE-2021-22368: Access control vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.0.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect normal use of the device.
CVE-2021-22346: Improper permission management vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may lead to the disclosure of user habits.
CVE-2021-22343: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity and availability.
CVE-2021-22334: Malicious Wi-Fi construction vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may cause app redirections.
CVE-2021-22325: Video streaming vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may result in video streams being intercepted during wired projections.
CVE-2021-37054: Identity spoofing and authentication bypass vulnerability in some HUAWEI phones
Severity: Medium
Affected versions: EMUI 10.1.1, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37055: Logic bypass vulnerability in some HUAWEI devices
Severity: Medium
Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may allow attempts to obtain certain device information.
CVE-2021-22322: Logic bypass vulnerability in some HUAWEI phones
Severity: High
Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.