November 2022 EMUI security patch fixes these 20 privacy issues
Huawei continues to roll out monthly security patches for its devices. The November 2022 EMUI security patch fixes 20 privacy issues and makes your phones more efficient.
As usual, the company has released the November 2022 EMUI patch with a large bundle of fixes. In detail, the package addresses 1 critical, 8 high, and 14 medium-severity CVEs.
In addition, the latest security patch includes fixes for 20 additional security issues. These bugs can cause major problems for data privacy.
These fixes relate to memory management, the kernel module, display services, and more. The company has also fixed some errors in the lock screen module and the Bluetooth functions. As a result, you will notice better stability in those areas.
By eliminating these defects, the November 2022 EMUI security patch improves data security and privacy.
Further, these fixes apply to EMUI 12 as well as EMUI 11 versions. Hence, if your handset runs any of these builds, you must install this update. For a more detailed view of these issues, see the section below.
The November 2022 security update fixes the following EMUI issues:
CVE 1
- CVE-2021-46851: Vulnerability of unstrict verification of the memory’s security attribute in the DRM module
- Risk Level: High
- Affected versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability by attackers may cause the video playback to be abnormal.
CVE 2
- CVE-2021-46852: Logic bypass vulnerability in the memory management module
- Risk Level: Medium
- Affected versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality.
CVE 3
- CVE-2022-44546: Vulnerability that the kernel module automatically frees the memory but does not clear the mapping
- Risk Level: High
- Affected versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause the system to restart.
CVE 4
- CVE-2022-44547: UAF vulnerability in the Display Service module
- Risk Level: High
- Affected versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause Display Service to reset and restart.
CVE 5
- CVE-2022-44548: Vulnerability of unstrict permission verification during Bluetooth pairing
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause the pairing confirmation dialog box not to be displayed during Bluetooth pairing.
CVE 6
- CVE-2022-44549: Geofencing API access vulnerability in the LBS module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause third-party apps to access the geofencing API without authorization, affecting user confidentiality.
CVE 7
- CVE-2022-44550: UAF vulnerability when traversing layers in the graphics display module
- Risk Level: High
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may affect availability.
CVE 8
- CVE-2022-44551: Thread security vulnerability in the iaware module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability.
CVE 9
- CVE-2022-44552: Vulnerability of defects being introduced in the design process in the lock screen module
- Risk Level: Medium
- Affected versions: EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may affect availability.
CVE 10
- CVE-2022-44553: Vulnerability of not filtering third-party apps out while the HiView module traverses to invoke the system provider
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause third-party apps to be activated periodically.
CVE 11
- CVE-2022-44554: Unstrict permission verification vulnerability in the power module
- Risk Level: Medium
- Affected versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause the status of a module to be abnormal.
CVE 12
- CVE-2022-44555: Service hijacking vulnerability in the DDMP/ODMF module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause service unavailability.
CVE 13
- CVE-2022-44556: Missing parameter type validation in the DRM module
- Risk Level: High
- Affected versions: EMUI 12.0.0
- Impact of this CVE on devices: Successful exploitation of this vulnerability may affect availability.
CVE 14
- CVE-2022-44557: Vulnerability of obtaining the read and write permissions on arbitrary system files in the SmartTrimProcessEvent module
- Risk Level: High
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality.
CVE 15
- CVE-2022-44558: Mismatch between serialization and deserialization in the AMS module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause privilege escalation.
CVE 16
- CVE-2022-44559: Mismatch between serialization and deserialization in the AMS module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause privilege escalation.
CVE 17
- CVE-2022-44560: Intent redirection vulnerability in the launcher module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause launcher module data to be modified.
CVE 18
- CVE-2022-44561: Permission verification vulnerability in the preset launcher module
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability allows unauthorized apps to add arbitrary widgets and shortcuts without user interaction.
CVE 19
- CVE-2022-44562: Mismatch between serialization and deserialization at the system framework layer
- Risk Level: Medium
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability may cause privilege escalation.
CVE 20
- CVE-2022-44563: Race condition vulnerability in SD upgrade mode
- Risk Level: High
- Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1
- Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality.