These 49 EMUI security issues fixed with July 2021 update

Huawei has just published its July 2021 security patch, revealing 49 new EMUI security issues that are fixed by it.

Fixing these EMUI security issues prevents the listed Common Vulnerabilities and Exposures (CVEs) from harming user data and blocks unverified access to the device.

Huawei is currently very busy: the HarmonyOS 2.0 rollout is under way in China, and the company is preparing for its next global flagship product launch conference, which will be held on July 29. As a result, the security bulletin was published late.

Even so, Huawei has made every effort to find the EMUI security issues and resolve them with the July 2021 security patch.

July EMUI security patch details:

Huawei has fixed 21 high- and 28 medium-severity CVEs, as well as 49 hidden EMUI security issues, for EMUI and Magic UI devices. The details of each fixed CVE, including its severity, affected versions, and impact, are listed below.

Below you can check all of the EMUI security issues mentioned in the July 2021 patch:

CVE 1:

  • CVE-2021-22475: Improper permission management vulnerability in some Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 2:

  • CVE-2021-22394: Buffer overflow vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may cause DoS of the apps during Multi-Screen Collaboration.

CVE 3:

  • CVE-2021-36997: Low memory error in some Huawei devices due to the unlimited size of images to be parsed
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.

CVE 4:

  • CVE-2021-36996: Improper verification vulnerability in some Huawei devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause transmission of certain virtual information.

CVE 5:

  • CVE-2021-36995: Unauthorized file access vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE 6:

  • CVE-2021-36994: Trustlist strings being repeatedly inserted into the linked list in some Huawei devices due to race conditions
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.

CVE 7:

  • CVE-2021-22367: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE 8:

  • CVE-2021-36993: Memory leaks in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 9:

  • CVE-2021-36992: Public key verification vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 10:

  • CVE-2021-36991: Unauthorized file access vulnerability in some Huawei devices due to unstandardized path input
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.

CVE 11:

  • CVE-2021-36990: Vulnerability of tampering with the kernel in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 12:

  • CVE-2021-36989: Kernel crash vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 13:

  • CVE-2021-36988: Parameter verification issues in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE 14:

  • CVE-2021-36987: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE 15:

  • CVE-2021-36986: Vulnerability of tampering with the kernel in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate permissions.

CVE 16:

  • CVE-2021-36985: Code injection vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.

CVE 17:

  • CVE-2021-22491: Input verification vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 18:

  • CVE-2021-22490: Permission verification vulnerability in some Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may affect the device performance.

CVE 19:

  • CVE-2021-22488: Unauthorized file access vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.

CVE 20:

  • CVE-2021-22487: Out-of-bounds read vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 21:

  • CVE-2021-22486: Unstandardized field names in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 22:

  • CVE-2021-22485: SSID vulnerability with Wi-Fi network connections in Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 23:

  • CVE-2021-22483: IP address spoofing vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may cause DoS.

CVE 24:

  • CVE-2021-22482: Uninitialized variable vulnerability in some Huawei devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause transmission of invalid data.

CVE 25:

  • CVE-2021-36998: Improper verification vulnerability in some devices
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.

CVE 26:

  • CVE-2021-22474: Out-of-bounds memory access in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause process exceptions.

CVE 27:

  • CVE-2021-22473: Authentication vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 28:

  • CVE-2021-22472: Improper verification vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 29:

  • CVE-2021-22460: Boot restriction bypass vulnerability in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 30:

  • CVE-2021-22455: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 31:

  • CVE-2021-22450: Memory leaks in some Huawei devices due to exceptions when freeing memory
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability will exhaust system memory resources and cause the device to restart.

CVE 32:

  • CVE-2021-22436: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE 33:

  • CVE-2021-22435: Logic bypass vulnerability in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 10.1.1, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE 34:

  • CVE-2021-22425: Nodes in the linked list being freed for multiple times in some Huawei devices due to race conditions
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability can cause the system to restart.

CVE 35:

  • CVE-2021-22423: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 36:

  • CVE-2021-22422: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 37:

  • CVE-2021-22419: Startup verification vulnerability with non-Huawei APKs in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may allow knock-off apps to run automatically.

CVE 38:

  • CVE-2021-22418: Integer overflow vulnerability with the Always On Display (AOD) driver in some Huawei devices
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability may escalate the permission to that of the root user.

CVE 39:

  • CVE-2021-22417: Memory leaks and out-of-bounds access vulnerabilities in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.

CVE 40:

  • CVE-2021-22407: Identity verification vulnerability due to unverified server when connecting Huawei phones to a computer via HiSuite
  • Severity: Low
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 41:

  • CVE-2021-22406: Remote DoS vulnerability with the MeeTime app
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability will cause the app to exit unexpectedly.

CVE 42:

  • CVE-2021-22405: Configuration defects in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service availability.

CVE 43:

  • CVE-2021-22404: Directory traversal vulnerability in Huawei phones
  • Severity: Low
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 44:

  • CVE-2021-22403: Vulnerability of hijacking unverified providers in some Huawei phones
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1
  • Impact: Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

CVE 45:

  • CVE-2021-22402: DoS vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may cause DoS attacks.

CVE 46:

  • CVE-2021-22401: Remote DoS vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability can affect service integrity.

CVE 47:

  • CVE-2021-22395: Code injection vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 48:

  • CVE-2021-36999: Buffer overflow vulnerability in some Huawei devices
  • Severity: Medium
  • Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1
  • Impact: Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.

CVE 49:

  • CVE-2021-37000: Improper permission management vulnerability in some Huawei phones
  • Severity: High
  • Affected versions: EMUI 11.0.0, Magic UI 4.0.0
  • Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Amy is our firmware and software specialist. She keeps her eagle eyes open for new software rollouts, beta programs, and other software-related activities, as well as new smartphone launches.