Headline
CVE-2021-40011: January
There is an Uncontrolled resource consumption vulnerability in the display module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following third-party library patches:
This security update includes the CVE announced in the December 2021 Android security bulletin:
Critical: CVE-2021-0967, CVE-2021-0968
High: CVE-2021-0704, CVE-2021-0952, CVE-2021-0954, CVE-2021-0955, CVE-2021-0963, CVE-2021-0964, CVE-2021-0965, CVE-2021-0966, CVE-2021-0970, CVE-2021-0971, CVE-2021-33909, CVE-2021-38204
Medium: CVE-2021-0726, CVE-2021-0849, CVE-2021-0731, CVE-2021-0738, CVE-2021-0761, CVE-2021-0765, CVE-2021-0768, CVE-2021-0770, CVE-2021-0772, CVE-2021-0789, CVE-2021-0803, CVE-2021-0866, CVE-2021-0716, CVE-2021-0855, CVE-2021-0560, CVE-2021-0805, CVE-2021-0779, CVE-2021-0791, CVE-2021-0795, CVE-2021-0838, CVE-2021-0840, CVE-2021-0844, CVE-2021-0796, CVE-2021-0797, CVE-2021-0798, CVE-2021-0804, CVE-2021-0822, CVE-2021-0824, CVE-2021-0886, CVE-2021-0969, CVE-2021-0976, CVE-2021-0992, CVE-2021-0998, CVE-2021-1007, CVE-2021-1009, CVE-2021-1010, CVE-2021-1011, CVE-2021-1012, CVE-2021-1022, CVE-2021-1024, CVE-2021-1030, CVE-2021-1031, CVE-2020-25668, CVE-2021-39636, CVE-2021-39648, CVE-2021-39656, CVE-2021-23134
Low: none
Already included in previous updates: CVE-2020-0368, CVE-2021-0434, CVE-2021-0929, CVE-2021-0794, CVE-2021-0837, CVE-2021-0759, CVE-2020-26139, CVE-2020-11288, CVE-2020-11176, CVE-2020-11291, CVE-2020-11304, CVE-2021-1900, CVE-2021-1925, CVE-2021-1937, CVE-2021-30260, CVE-2021-1914, CVE-2021-1916, CVE-2021-1919, CVE-2021-1920, CVE-2021-1886, CVE-2021-1888, CVE-2021-1889, CVE-2021-1890, CVE-2021-1909, CVE-2021-1923, CVE-2021-1933, CVE-2021-1935, CVE-2021-1946, CVE-2021-1952, CVE-2021-1960, CVE-2021-1971, CVE-2021-30295, CVE-2021-1934, CVE-2021-1913, CVE-2021-1917, CVE-2021-1932, CVE-2021-1936, CVE-2021-1949, CVE-2021-1959, CVE-2021-1984, CVE-2021-1985, CVE-2021-30256, CVE-2021-30257, CVE-2021-30258, CVE-2021-30288, CVE-2021-30291, CVE-2021-30292, CVE-2021-30297, CVE-2021-30302, CVE-2021-30310, CVE-2021-1983
※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the CVE of other third-party library patches:
High: CVE-2021-20322, CVE-2021-3640
This security update includes the following HUAWEI patches:
CVE-2021-40026: Heap-based buffer overflow vulnerability in the AOD module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40020: Out-of-bounds array read vulnerability in the security storage module
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-40011: Uncontrolled resource consumption vulnerability in the display module
Severity: High
Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40009: Out-of-bounds write vulnerability in the AOD module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40038: Double free vulnerability in the AOD module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40037: Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may cause the system to crash and restart.
CVE-2021-40029: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2021-40035: Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2021-40031: Null pointer dereference vulnerability in the camera module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40039: Null pointer dereference vulnerability in the camera module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40004: Improper permission management vulnerability in the cellular module
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.