Scribd Logo
Upload

Welcome to Scribd!

  • HUAWEI MAR-LX3A 9.1.0.215 (C605E5R4P2) Release Notes

    Uploaded by

    Antares Brasil
    32 views8 pages
    This document provides release notes for the MAR-LX3A device software version Vx.y. It lists new features, improvements from the previous version, known limitations and issues, and software vulnerability fixes. The software upgrades the device to Android 9, EMUI 9.1.0, and includes IMS support capabilities and enhancements to system maintainability. It fixes several Android, third-party, and platform vulnerabilities relating to arbitrary writes, information disclosure, and out-of-bound memory issues.

    Original Description:

    Original Title

    HUAWEI MAR-LX3A 9.1.0.215(C605E5R4P2) Release Notes

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides release notes for the MAR-LX3A device software version Vx.y. It lists new features, improvements from the previous version, known limitations and issues, and software vulnerability fixes. The software upgrades the device to Android 9, EMUI 9.1.0, and includes IMS support capabilities and enhancements to system maintainability. It fixes several Android, third-party, and platform vulnerabilities relating to arbitrary writes, information disclosure, and out-of-bound memory issues.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    32 views8 pages

    HUAWEI MAR-LX3A 9.1.0.215 (C605E5R4P2) Release Notes

    Uploaded by

    Antares Brasil
    This document provides release notes for the MAR-LX3A device software version Vx.y. It lists new features, improvements from the previous version, known limitations and issues, and software vulnerability fixes. The software upgrades the device to Android 9, EMUI 9.1.0, and includes IMS support capabilities and enhancements to system maintainability. It fixes several Android, third-party, and platform vulnerabilities relating to arbitrary writes, information disclosure, and out-of-bound memory issues.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 8

    Product name Confidentiality level

    MAR-LX3A CONFIDENTIAL
    Commercial Name
    Total 12 pages
    HUAWEI P30 lite

    XXX Software Release Notes Vx.y

    Prepared by MAR Team Date 2019-4-27


    Reviewed by MAR Team Date 2019-4-27
    Approved by MAR Team Date 2019-4-27

    Huawei Technologies Co., Ltd.

    All rights reserved


    Revision Record
    Date Revision Change Description Author
    version
    yyyy-mm-dd 1.0 Release for version V100R001CXXB001 XXX TEAM

    yyyy-mm-dd 1.1 Add OTA feature description XXX TEAM


    yyyy-mm-dd 2.0 Release for version V100R001CXXB002 XXX TEAM

    1. Change “Product version” to “Commercial Name”


    2. Remove “Main features”
    3. Make “Version Description” more clear
    2018-2-13 2.1 4.Change” Improvement in the Previous Version” to
    MR TEAM
    “Improvement From the Previous Version”
    4.Change “Effect” to “Remarks”

    2018-5-18 2.2 Add match EMUI 9.0 template Custom Team


    Table of Contents
    1 Version Description..................................................................................................................4
    2 New Features..........................................................................................................................4
    3 Improvement From the Previous Version................................................................................4
    4 Known Limitations and Issues.................................................................................................5
    5 Software Vulnerabilities Fixes..................................................................................................5
    XXX Software Release Notes CONFIDENTIAL

    Vx.y
    XXX Software Release Notes Vx.y

    1 Version Description
    Model MAR-LX3A

    Build number Marie-L23A 9.1.0.215(C605E5R4P2)


    Previous released number MAR-LX3A 9.0.1.170(C605E5R4P1)

    IMEI SV 09
    OS version Android 9

    EMUI version EMUI 9.1.0

    CPU Hisilicon Kirin 710


    Baseband version 21C20B388S000C000, 21C20B388S000C000
    4.9.148
    Kernel Version android@localhost#1
    Thu Jul 11 01:22:22 CTS 2019
    Version Type MR4

    2 New Features
    Index Issue Description

    1 IMS market support capabilities.

    2 Other product domains require APK presets for overseas versions.

    3 Dual-IMSI requirements.

    4 Enhances the system maintainability

    3 Improvement From the Previous Version


    Index Issue Description

    4 Known Limitations and Issues


    Index Issue Description Remarks
    1
    2
    3

    Page 4
    XXX Software Release Notes CONFIDENTIAL

    Vx.yFixes
    5 Software Vulnerabilities
    [Software Vulnerabilities include Android Vulnerability, Third-party software Vulnerability, and Huawei
    Vulnerability]

    [Android Vulnerability is from Google, which reported publicly.]

    [Third-party software is a type of computer software that is sold together with or provided for free in Huawei
    products or solutions with the ownership of intellectual property rights (IPR) held by the original contributors.
    Third-party software can be but is not limited to: Purchased software, Software that is built in or attached to
    purchased hardware, Software in products of the original equipment manufacturer (OEM) or original design
    manufacturer (ODM), Software that is developed with technical contribution from partners (ownership of IPR
    all or partially held by the partners), Software that is legally obtained free of charge.
    The data of third-party software vulnerabilities fixes can be exported from PDM.
    If the table is excessively long, you can divide it into multiple ones by product version, or deliver it in an excel
    file with patch release notes and provide reference information in this section.]

    [Huawei Vulnerability is Huawei own software’ Vulnerability, which found by outside]

    Vulnerabilities information is available through CVE IDs in NVD (National Vulnerability Database) website:
    http://web.nvd.nist.gov/view/vuln/search

    Software/ Version CVE Vulnerability Description Impact Description


    Module name ID

    NVIDIA NA CVE- In warmboot code of Pixel C's If your devices are


    components 2018 BootROM, there is a possible affected please
    - arbitrary memory write due to contact NVIDIA for
    6240 a missing bounds check. This the fix.
    could lead to local escalation of
    privilege with System execution
    privileges needed. User
    interaction is not needed for
    exploitation.
    NVIDIA NA CVE- In Arm Trusted Firmware, there If your devices are
    components 2017 is a possible disclosure of affected please
    - information from speculative contact NVIDIA for
    5715 execution due to an unusual the fix.
    root cause. This could lead to
    local information disclosure of
    data secured by the TEE with no
    additional execution privileges
    needed. User interaction is not
    needed for exploitation.
    Platform 9 CVE- In the Xaac decoder, failure to The fix is designed to
    2016 initialize would result in no data return an error when
    - being consumed in the decoder is not
    2428 subsequent process call, initialized before first
    resulting in an infinite loop. process call.

    Platform 7.0,7.1.1,7.1.2,8.0,8. CVE- In rw_i93_sm_update_ndef of The fix is designed to


    1,9 2019 rw_i93.cc, there is a possible add length checks to
    - out-of-bound write due to a rw_i93_sm_update_n
    2035 missing bounds check. This def and related
    Page 5
    XXX Software Release Notes CONFIDENTIAL

    Vx.y
    could lead to local escalation of
    privilege with no additional
    rw_i93_* functions.

    execution privileges needed.


    User interaction is needed for
    exploitation.
    Platform 9 CVE- In rw_i93_process_ext_sys_info The fix is designed to
    2019 of rw_i93.cc, there is a possible add the missing
    - out-of-bound read due to a bounds checks.
    2040 missing bounds check. This
    could lead to local information
    disclosure with no additional
    execution privileges needed.
    User interaction is needed for
    exploitation.
    Platform 8.1,9 CVE- In the configuration of NFC The fix is designed to
    2019 modules on certain devices, set the NFC Type-A
    - there is a possible failure to HCE to a random UID.
    2041 distinguish individual devices
    due to an insecure default
    value. This could lead to local
    escalation of privilege with no
    additional execution privileges
    needed. User interaction is
    needed for exploitation.
    Platform 9 CVE- In create_hdr of The fix is designed to
    2019 dnssd_clientstub.c, there is a ensure that DNS
    - possible use after free. This service references are
    2033 could lead to local escalation of wrapped in a mutex
    privilege with no additional and are nulled after
    execution privileges needed. deallocation.
    User interaction is not needed
    for exploitation.
    Platform 7.0,7.1.1,7.1.2,8.0,8. CVE- In rw_i93_process_sys_info of The fix is designed to
    1,9 2019 rw_i93.cc, there is a possible add the missing
    - out-of-bound read due to a bounds checks.
    2038 missing bounds check. This
    could lead to local information
    disclosure with no additional
    execution privileges needed.
    User interaction is needed for
    exploitation.
    Platform 8.0,8.1,9 CVE- In SetScanResponseData of The fix is designed to
    2019 ble_advertiser_hci_interface.cc, add multiple bounds
    - there is a possible out-of-bound checks preventing
    2032 write due to a missing bounds lengths from being
    check. This could lead to local too large.
    escalation of privilege with no
    additional execution privileges
    needed. User interaction is not
    needed for exploitation.
    Platform 7.0,7.1.1,7.1.2,8.0,8. CVE- In numerous hand-crafted The fix is designed to
    1,9 2019 functions in libmpeg2, NEON correctly push and
    - registers are not preserved. pop the NEON
    2028 This could lead to remote code registers.
    execution with no additional
    execution privileges needed.
    Page 6
    XXX Software Release Notes CONFIDENTIAL

    Vx.y
    User interaction is needed for
    exploitation.
    Platform 7.0,7.1.1,7.1.2,8.0,8. CVE- In btm_proc_smp_cback of The fix is designed to
    1,9 2019 tm_ble.cc, there is a possible check if the device
    - memory corruption due to a record has already
    2029 use after free. This could lead been freed.
    to remote code execution with
    no additional execution
    privileges needed. User
    interaction is needed for
    exploitation.
    Platform 7.0,7.1.1,7.1.2,8.0,8. CVE- In l2cu_send_peer_config_rej The fix is designed to
    1,9 2019 of l2c_utils.cc, there is a correctly verify the
    - possible out-of-bound read due lengths of fields with
    2037 to an incorrect bounds check. deterministic lengths.
    This could lead to remote
    information disclosure with no
    additional execution privileges
    needed. User interaction is not
    needed for exploitation.
    Platform 9 CVE- In removeInterfaceAddress of The fix is designed to
    2019 NetworkController.cpp, there is prevent the use after
    - a possible use after free. This free.
    2030 could lead to remote code
    execution with no additional
    execution privileges needed.
    User interaction is not needed
    for exploitation.
    Platform 7.0,7.1.1,7.1.2,8.0,8. CVE- In floor0_inverse1 of floor0.c, The fix is designed to
    1,9 2019 there is a possible out of fix the size bounds
    - bounds write due to an check.
    2027 incorrect bounds check. This
    could lead to remote code
    execution with no additional
    execution privileges needed.
    User interaction is needed for
    exploitation.
    NVIDIA NA CVE- In warmboot code of Pixel C's If your devices are
    components 2018 BootROM, there is a possible affected please
    - arbitrary memory write due to contact NVIDIA for
    6240 an unusual root cause. This the fix.
    could lead to local escalation of
    privilege in the trust zone with
    System execution privileges
    needed. User interaction is not
    needed for exploitation.
    Platform 7.0,7.1.1,7.1.2,8.0,8. CVE- In rw_i93_sm_read_ndef of The fix is designed to
    1,9 2019 rw_i93.cc, there is a possible add length checks to
    - out-of-bounds write due to an rw_i93_sm_read_nde
    2034 integer overflow. This could f and related
    lead to local escalation of rw_i93_* functions.
    privilege in the NFC process
    with no additional execution
    privileges needed. User
    interaction is needed for
    exploitation.
    Page 7
    XXX Software Release Notes CONFIDENTIAL

    Platform 7.0,7.1.1,7.1.2,8.0,8.
    1,9
    Vx.y
    CVE-
    In rw_i93_sm_detect_ndef of
    2019
    rw_i93.cc, there is a possible
    The fix is designed to
    add the missing
    - out-of-bound read due to a bounds check.
    2039 missing bounds check. This
    could lead to local information
    disclosure with no additional
    execution privileges needed.
    User interaction is needed for
    exploitation.
    Platform 8.0 CVE- In updateAssistMenuItems of The fix is designed to
    2019 Editor.java, there is a possible disable smart text
    - escape from the Setup Wizard assist during Setup
    2026 due to a missing permission Wizard.
    check. This could lead to local
    escalation of privilege and FRP
    bypass with no additional
    execution privileges needed.
    User interaction is not needed
    for exploitation.
    Platform 7.0,7.1.1,7.1.2,8.0,8. CVE- In The fix is designed to
    1,9 2019 rw_t3t_act_handle_check_ndef check the message
    - _rsp of rw_t3t.cc, there is a length.
    2031 possible out-of-bound write
    due to a missing bounds check.
    This could lead to local
    escalation of privilege with no
    additional execution privileges
    needed. User interaction is not
    needed for exploitation.

    Page 8

    You might also like