HUAWEI EMUI/Magic UI security updates February 2023

Huawei 사이트 참고

HUAWEI EMUI/Magic UI security updates February 2023

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the January 2023 Android security bulletin:

Critical: CVE-2022-22088, CVE-2022-41674

High: CVE-2022-20456, CVE-2022-20461, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2022-20494, CVE-2023-20905, CVE-2023-20913, CVE-2023-20915, CVE-2023-20920, CVE-2023-20921, CVE-2022-33255, CVE-2022-32635

Medium: none

Low: none

Already included in previous updates: CVE-2022-20504, CVE-2022-20506, CVE-2022-20513, CVE-2022-20515, CVE-2022-20516, CVE-2022-20517, CVE-2022-20518, CVE-2022-20520, CVE-2022-20521, CVE-2022-20525, CVE-2022-20528, CVE-2022-20530, CVE-2022-20537, CVE-2022-20539, CVE-2022-20541, CVE-2022-20544, CVE-2022-20546, CVE-2022-20552, CVE-2022-42535, CVE-2022-42542, CVE-2022-20496, CVE-2022-20566, CVE-2021-39793

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-48286: Unauthorized access vulnerability in the multi-screen collaboration module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48287: Logic bypass vulnerability in the HwContacts module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can affect integrity.

CVE-2022-48288: Lack of authentication and control for some APIs in the PackageManagerService module

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48289: Lack of authentication and control for some APIs in the PackageManagerService module

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48292: OOM vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48293: OOM vulnerability in the Bluetooth module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48294: Improper authentification of the IHwAttestationService API

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48295: Improper authentification of the IHwAntiMalPlugin API

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability can cause fake malware installation.

CVE-2022-48296: Improper permission management vulnerability in the SystemUI module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause users to receive misleading broadcasts from malicious apps, misleading them towards storage exceptions.

CVE-2022-48297: Vulnerability that the geo-fencing kernel code does not verify the length of the input data

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-48298: Vulnerability that the geo-fencing kernel code does not verify the length of the input data

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds memory access.

CVE-2022-48299: Improper API authentification in the WMS module

Severity: Medium

Affected versions: EMUI 12.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48300: Improper API authentification in the WMS module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-48301: API permission verification vulnerability in the app package management module

Severity: High

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may restore uninstalled pre-installed apps.

CVE-2022-48302: Improper API authentification in the AMS module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

출처 : 바로가기

NHN Cloud 정보 사이트
취약점 진단 분석 평가 방법 사이트

Last updated