EMUI
Huawei June 2022 update fixes EMUI 12 feature issue
Huawei has recently published June 2022 EMUI security patch details. June 2022 bulletin mentioned a bunch of EMUI security flaws that have been fixed but there’s one specific Huawei EMUI 12 feature issue that we want to mention here.
Huawei EMUI June 2022 security patch fixes EMUI 12 multi-device task center feature issue, the exploitation of this feature could allow attacks to compromise your device’s data. However, it’s fixed with the upcoming firmware version and patched with June 2022 security patch.
Multi-Task Center:
This feature is powered by Huawei’s cross-device capabilities used in EMUI devices that allow you to get the most out of the software. Based on the concept of multi-device collaboration, the feature allows you to project application data from one device to another in real-time, check the example below.
For instance, if you are running a game on your smartphone, you just need to go to the task manager of the phone and task manager view. Now, tap on the device (such as a tablet) to run the corresponding app. However, the user must first need to connect the tablet and the phone via the same WiFi network and Huawei ID.
Similarly, another task can also be handled by the task center such as viewing documents on a tablet for a bigger view, without even installing any additional app.
Check all of the issues that are mentioned in the June 2022 EMUI security patch.
CVE-2021-46812: Device manager vulnerability in the multi-device task center
Severity: Medium
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability can affect integrity.
CVE-2021-46811: Improper permission management vulnerability in the HwSEServiceAPP module
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may lead to the acquisition of CPLC information.
CVE-2021-40021: Out-of-bounds memory write in the eID module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40022: Missing parameter type validation in the weaver module
Severity: Critical
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40014: Information management error vulnerability in the bone voice ID TA
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-40006: Security risk of brute force cracking in the fingerprint sensor module
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect confidentiality.
CVE-2022-31751: Multi-thread competition for resources in the kernel emcom module
Severity: Critical
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31757: Interface misuse vulnerability in the Settings module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-31763: Null pointer and out-of-bounds array vulnerabilities in the kernel module
Severity: High
Affected versions: EMUI 12.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31760: Dialog box being displayed when the screen is locked in the carrier-customized USSD service
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2022-31758: Race condition vulnerability in the kernel module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2021-46814: Out-of-bounds memory read and write vulnerability in the video framework
Severity: High
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31753: Vulnerability of using externally-controlled format strings in the voice wakeup module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31754: Logical defects in code implementation in some products
Severity: Medium
Affected versions: EMUI 12.0.0, EMUI 10.1.0, Magic UI 3.1.0
Impact: Successful exploitation of this vulnerability may affect the availability of some features.
CVE-2021-46813: Vulnerability of residual files not being deleted after an update in the ChinaDRM module
Severity: Critical
Affected versions: EMUI 11.0.0, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2021-46815: Configuration defects in the secure OS module
Severity: Medium
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31761: Configuration defects in the secure OS module
Severity: High
Affected versions: EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-29793: Configuration defects in the activation lock of the mobile phone
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, Magic UI 3.1.0, Magic UI 3.1.1
Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2022-31755: Improper preservation of permissions vulnerability in the communications module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31759: Uninitialized pointer access vulnerability in the AppLink
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability can affect availability.
CVE-2022-31762: Input verification vulnerability in the AMS module
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will cause unauthorized operations.
CVE-2022-31752: Missing authorization vulnerability in the system components
Severity: Medium
Affected versions: EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, EMUI 11.0.1, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.
CVE-2022-31756: Design defects in the fingerprint sensor module
Severity: High
Affected versions: EMUI 10.0.0, EMUI 10.1.0, EMUI 10.1.1, EMUI 11.0.0, EMUI 12.0.0, Magic UI 3.0.0, Magic UI 3.1.0, Magic UI 3.1.1, Magic UI 4.0.0
Impact: Successful exploitation of this vulnerability will affect confidentiality.