These issues on EMUI 11 and 12 fixed with October 2022 EMUI security patches

Huawei has brought the October 2022 EMUI security patch details with a big bag of fixes and improvements for the threatening issues. Consequently, users will notice overall enhancement and stability in their devices after installing the new patch.

We are well aware of the fact that Huawei sends regular updates to its devices to maintain their reliability. But, often these updates welcome some hidden issues and defects in the system. As a result, these issues create a gateway for the malware to enter the applications and exploit the entire functioning of the gadget.

Therefore, this makes the user very conscious about installing every new firmware on their device. Hence, apart from the vulnerability description, the company has also shared a huge narration regarding what fixes the new patch will bring to the smart handsets.

As usual, the company has explored various segments of the device and has prepared a fresh improvement package. And the interesting part of this new package is, these fixes apply to the major EMUI 11 and 12 versions.

On the other hand, these spots cover several essential parts of the internal system. For instance, framework, kernel, KEYMASTER, configuration, and more. Thus, by treating and mending every element, this patch increases the security of your device to the next level.

So, if your handy gadget is running on any of the mentioned versions, then you must check which new issues get a full stop with the latest October 2022 EMUI security patch.

October 2022 EMUI security fixes for EMUI 11 and EMUI 12

CVE 1: CVE-2021-40017

• CVE version detail: Vulnerability of not verifying the validity of the key’s format in the HW_KEYMASTER module
• Risk Level: Critical
• Affected Versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Successful exploitation of this vulnerability may cause out-of-bounds access

CVE 2: CVE-2021-46839, CVE-2021-46840

• CVE version detail: Lack of length check, and parameter set verification vulnerability in the HW_KEYMASTER module
• Risk Level: Medium
• Affected Versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Attackers can construct malicious data as well as cause out-of-bounds access

CVE 3: CVE-2022-38983

• CVE version detail: UAF vulnerability in the BT Hfp Client module
• Risk Level: High
• Affected Versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Successful exploitation of this vulnerability may cause arbitrary code execution

CVE 4: CVE-2022-41576

• CVE version detail: boot.sh script that can be modified by malicious programs in the phone module
• Risk Level: Medium
• Affected versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Successful exploitation of this vulnerability can cause irreversible program implantation on the user’s device.

CVE 5: CVE-2022-41578

• CVE version detail: Out-of-bounds write vulnerability in the mptcp module
• Risk Level: High
• Affected versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Successful exploitation of this vulnerability may cause attack programs to modify program information to implement root privilege escalation attacks.

CVE 6: CVE-2022-41580, CVE-2022-41581

• CVE version details: Vulnerability of not verifying the read content in the HW_KEYMASTER module
• Risk Level: Medium
• Affected Versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Attackers can construct malicious data as well as cause out-of-bounds access

CVE 7: CVE-2022-41582

• CVE version details: Configuration defects in the security module
• Risk Level: High
• Affected versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Successful exploitation of this vulnerability may affect availability

CVE 8: CVE-2022-41584, CVE-2022-41585

• CVE version details: Out-of-bounds read vulnerability in the kernel module
• Risk Level: Medium
• Affected versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Successful exploitation of this vulnerability may cause memory overwriting

CVE 9: CVE-2022-41586

• CVE version details: Untruncated data vulnerability in the communication framework module
• Risk Level: Medium
• Affected versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Successful exploitation of this vulnerability will affect confidentiality

CVE 10: CVE-2022-41588

• CVE version details: Service logic exception vulnerability in the home screen module
• Risk Level: Medium
• Affected versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of this CVE on devices: Successful exploitation of this vulnerability may affect the integrity

CVE 11: (CVE-2022-41592, CVE-2022-41593, CVE-2022-41594, CVE-2022-41595, CVE-2022-41597, CVE-2022-41598, CVE-2022-41600, CVE-2022-41601, CVE-2022-41602, CVE-2022-41603)

• CVE version details: Heap overflow/Out-of-bounds read/Null pointer or other issues in the phone due to fingerprint TA
• Risk Level: Medium
• Affected versions: EMUI 12.0.0, EMUI 11.0.1
• Impact of these CVEs on devices: Attackers with root permission can exploit this vulnerability by controlling the file content. As a result, the fingerprint service may be abnormal.