Headline
CVE-2023-44109: October
Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality.
HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:
This security update includes the following third-party library patches:
This security update includes the CVE announced in the September 2023 Android security bulletin:
Critical: CVE-2023-35658, CVE-2023-35673
High: CVE-2023-35679, CVE-2023-35687, CVE-2023-35669, CVE-2023-35667, CVE-2023-35677, CVE-2023-35666, CVE-2023-35684, CVE-2023-28584
Medium: none
Low: none
Already included in previous updates: CVE-2023-21284, CVE-2020-29374, CVE-2023-21251, CVE-2023-20942, CVE-2023-21189
※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).
This security update includes the CVE of other third-party library patches:
Critical: CVE-2023-4863
This security update includes the following HUAWEI patches:
CVE-2023-41295: Vulnerability of improper permission management in the displayengine module
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may cause the screen to turn dim.
CVE-2023-41304: Parameter verification vulnerability in the window module
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window.
CVE-2023-44093: Vulnerability of package names’ public keys not being verified in the security module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44094: Type confusion vulnerability in the distributed file module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-44095: Use-After-Free (UAF) vulnerability in the surfaceflinger module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1
Impact: Successful exploitation of this vulnerability can cause system crash.
CVE-2023-44096: Vulnerability of brute-force attacks on the device authentication module
Severity: High
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44097: Vulnerability of the permission to access device SNs being improperly managed
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44100: Broadcast permission control vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44102: Broadcast permission control vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1
Impact: Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable.
CVE-2023-44103: Out-of-bounds read vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44104: Broadcast permission control vulnerability in the Bluetooth module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44105: Vulnerability of permissions not being strictly verified in the window management module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-44106: API permission management vulnerability in the Fwk-Display module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2023-44108: Type confusion vulnerability in the distributed file module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may cause the device to restart.
CVE-2023-44109: Clone vulnerability in the huks ta module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44110: Out-of-bounds access vulnerability in the audio module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2023-44111: Vulnerability of brute-force attacks on the device authentication module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44114: Out-of-bounds array vulnerability in the dataipa module
Severity: Medium
Affected versions: EMUI 13.0.0
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-44116: Vulnerability of access permissions not being strictly verified in the APPWidget module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability may cause some apps to run without being authorized.
CVE-2023-44118: Vulnerability of undefined permissions in the MeeTime module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2023-44119: Vulnerability of mutual exclusion management in the kernel module
Severity: Medium
Affected versions: EMUI 13.0.0, EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
Impact: Successful exploitation of this vulnerability will affect availability.
Related news
Plus: Major security patches from Microsoft, Mozilla, Atlassian, Cisco, and more.
An update for libwebp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
Red Hat Security Advisory 2023-5214-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.
An update for libwebp is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which give a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker...
Ubuntu Security Notice 6369-1 - It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 5496-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912
In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.