# HUAWEI EMUI/Magic UI security updates February 2023 ## HUAWEI EMUI/Magic UI security updates February 2023 HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches: This security update includes the following third-party library patches: ## This security update includes the CVE announced in the January 2023 Android security bulletin: ### Critical: CVE-2022-22088, CVE-2022-41674 High: CVE-2022-20456, CVE-2022-20461, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2022-20494, CVE-2023-20905, CVE-2023-20913, CVE-2023-20915, CVE-2023-20920, CVE-2023-20921, CVE-2022-33255, CVE-2022-32635 Medium: none Low: none Already included in previous updates: CVE-2022-20504, CVE-2022-20506, CVE-2022-20513, CVE-2022-20515, CVE-2022-20516, CVE-2022-20517, CVE-2022-20518, CVE-2022-20520, CVE-2022-20521, CVE-2022-20525, CVE-2022-20528, CVE-2022-20530, CVE-2022-20537, CVE-2022-20539, CVE-2022-20541, CVE-2022-20544, CVE-2022-20546, CVE-2022-20552, CVE-2022-42535, CVE-2022-42542, CVE-2022-20496, CVE-2022-20566, CVE-2021-39793 ※ For more information on security patches, please refer to the Android security bulletins (). ## This security update includes the following HUAWEI patches: ### CVE-2022-48286: Unauthorized access vulnerability in the multi-screen collaboration module Severity: Medium Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability may affect confidentiality. ### CVE-2022-48287: Logic bypass vulnerability in the HwContacts module Severity: Medium Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability can affect integrity. ### CVE-2022-48288: Lack of authentication and control for some APIs in the PackageManagerService module Severity: Medium Affected versions: EMUI 12.0.1 Impact: Successful exploitation of this vulnerability may affect confidentiality. ### CVE-2022-48289: Lack of authentication and control for some APIs in the PackageManagerService module Severity: Medium Affected versions: EMUI 12.0.1 Impact: Successful exploitation of this vulnerability may affect confidentiality. ### CVE-2022-48292: OOM vulnerability in the Bluetooth module Severity: Medium Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability may affect confidentiality. ### CVE-2022-48293: OOM vulnerability in the Bluetooth module Severity: Medium Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability may affect confidentiality. ### CVE-2022-48294: Improper authentification of the IHwAttestationService API Severity: Medium Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability may affect confidentiality. ### CVE-2022-48295: Improper authentification of the IHwAntiMalPlugin API Severity: Medium Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability can cause fake malware installation. ### CVE-2022-48296: Improper permission management vulnerability in the SystemUI module Severity: Medium Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability may cause users to receive misleading broadcasts from malicious apps, misleading them towards storage exceptions. ### CVE-2022-48297: Vulnerability that the geo-fencing kernel code does not verify the length of the input data Severity: Medium Affected versions: EMUI 12.0.1 Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access. ### CVE-2022-48298: Vulnerability that the geo-fencing kernel code does not verify the length of the input data Severity: Medium Affected versions: EMUI 12.0.1 Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access. ### CVE-2022-48299: Improper API authentification in the WMS module Severity: Medium Affected versions: EMUI 12.0.1 Impact: Successful exploitation of this vulnerability may affect confidentiality. ### CVE-2022-48300: Improper API authentification in the WMS module Severity: Medium Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability may affect confidentiality. ### CVE-2022-48301: API permission verification vulnerability in the app package management module Severity: High Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability may restore uninstalled pre-installed apps. ### CVE-2022-48302: Improper API authentification in the AMS module Severity: Medium Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1 Impact: Successful exploitation of this vulnerability may affect confidentiality. ## 출처 : [바로가기 ](https://consumer.huawei.com/en/support/bulletin/2023/2/) {% embed url="" %} NHN Cloud 정보 사이트 {% endembed %} {% embed url="" %} 취약점 진단 분석 평가 방법 사이트 {% endembed %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sul.skill.or.kr/mobile-security-updates/2023-huawei-mobile/huawei-emui-magic-ui-security-updates-february-2023.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.