Huawei February 2022 EMUI security patch fixes 11 privacy issues

Huawei’s major concern for its devices is system security because it can harm the user’s personal data, which is very dangerous. In the latest development, Huawei has resolved 11 dangerous privacy issues with the release of the latest February 2022 EMUI security patch.

Every month, Huawei made efforts and found the hidden privacy in the latest software version and fix it with the next security update rollout. The installation of the latest security patch can minimize the risk level.

Alongside February 2022 EMUI issues, the patch fixes 7 high and 1 medium-level CVE in the system. That’s not it, this security patch also brings fixes for 1 critical and 9 high-levels of CVE in the third-party libraries to provide more security to the system.

At present, Huawei is delivering the January 2022 EMUI security patch for its devices and began the rollout of the latest security improvement via OTA update. Now, you can check the solved CVE details, risk level, impact, and more detailed below.

The February 2022 security update fixed the following EMUI issues:

CVE 1:

• CVE-2021-39991: Unauthorized rewriting vulnerability with the memory access management module on ACPU
• Risk: High
• Affected versions: EMUI 12.0.0
• Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 2:

• CVE-2021-39986: Unauthorized rewriting vulnerability with the memory access management module on ACPU
• Risk: High
• Affected versions: EMUI 12.0.0
• Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 3:

• CVE-2021-37115: Unauthorized rewriting vulnerability with the memory access management module on ACPU
• Risk: High
• Affected versions: EMUI 12.0.0
• Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 4:

• CVE-2021-37109: Security protection bypass vulnerability with the modem
• Risk: High
• Affected versions: EMUI 12.0.0
• Impact: Successful exploitation of this vulnerability may cause memory protection failure.

CVE 5:

• CVE-2021-40044: Permission verification vulnerability in the Bluetooth module
• Risk: Medium
• Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0
• Impact: Successful exploitation of this vulnerability may cause unauthorized operations.

CVE 6:

• CVE-2021-40015: Race condition vulnerability in the binder driver subsystem in the kernel
• Risk: Medium
• Affected versions: EMUI 12.0.0, EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0
• Impact: Successful exploitation of this vulnerability may affect kernel stability.

CVE 7:

• CVE-2021-39992: Improper security permission configuration vulnerability on ACPU
• Risk: High
• Affected versions: EMUI 12.0.0
• Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE 8:

• CVE-2021-39997: Vulnerability of unstrict input parameter verification in the audio assembly
• Risk: High
• Affected versions: EMUI 12.0.0
• Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

CVE 9:

• CVE-2021-39994: Arbitrary address access vulnerability with the product line test code
• Risk: High
• Affected versions: EMUI 12.0.0
• Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.

CVE 10:

• CVE-2021-40045: Vulnerability of signature verification mechanism failure in system upgrade through recovery mode
• Risk: High
• Affected versions: EMUI 12.0.0, EMUI 11.0.1, EMUI 11.0.0, Magic UI 4.0.0
• Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE 11:

• CVE-2021-37107: Improper memory access permission configuration on ACPU
• Risk: High
• Affected versions: EMUI 12.0.0
• Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.