Professional Documents
Culture Documents
Huawei Jny-Lx1 10.0.1.167 (C185e3r3p1) &jny-Lx1 10.0.
Huawei Jny-Lx1 10.0.1.167 (C185e3r3p1) &jny-Lx1 10.0.
JNY-LX1 CONFIDENTIAL
Commercial Name
Total 9 pages
HUAWEI P40 lite
Vx.y
XXX Software Release Notes Vx.y
1 Version Description
Model JNY-LX1
10.0.1.167(C185E3R3P1)
Build number
10.0.1.167(C185E3R2P1)
Previous released number 10.0.1.117(C185E2R2P1)
IMEI SV 03
OS version Android 10
2 New Features
Index Feature Description
Optimize video playback experience.
1
Optimize system stability.
2
Incorporate Android April 2020 security patch to enhance the security of
3
mobile phone systems.
Add some Applications: MicrosoftBing.apk, Translator.apk, TrainPal.apk,
AliExpress.apk, Qwant.apk
Page 4
XXX Software Release Notes CONFIDENTIAL
Vx.y
3 Improvement from the Previous Version
Index Issue Description
1 NA
Page 5
XXX Software Release Notes CONFIDENTIAL
FPC
components
NA CVE-
202
Vx.y
In authorize_enroll of the FPC IRIS TrustZone app,
there is a possible out of bounds read due to a
The fix
designed to add
is
FPC NA CVE- In get_auth_result of the FPC IRIS TrustZone app, The fix is
components 202 there is a possible out of bounds write due to a designed to add
0- missing bounds check. This could lead to local bounds checks.
007 escalation of privilege with System execution
6 privileges needed. User interaction is not needed
for exploitation.
FPC NA CVE- In set_shared_key of the FPC IRIS TrustZone app, The fix is
components 202 there is a possible out of bounds read due to a designed to add
0- missing bounds check. This could lead to local bounds checks.
007 information disclosure with System execution
5 privileges needed. User interaction is not needed
for exploitation.
Page 6
XXX Software Release Notes CONFIDENTIAL
Platform 8.0,8.1,9
,10
CVE-
202
In Vx.yrw_t2t_handle_tlv_detect_rsp of
rw_t2t_ndef.cc, there is a possible out of bounds
The fix
designed to add
is
Page 7
XXX Software Release Notes CONFIDENTIAL
8 Vx.y
interaction is not needed for exploitation. functions are not
used within
aggregate
functions.
Notes:Android
8.1 - This patch is
provided for
completeness.Pa
rtners on 8.1
with an SPL of
2019-03-01 or
greater are
already patched
and do not need
to re-apply this
fix. Android 9 - To
fully patch
Android 9,
partners should
apply the original
fix and
supplemental
patch, both of
which are found
in the bulletin zip
file. This resolves
the previously
identified
functional
regression.
Android 8.0, 10 -
This patch did
not cause a
functional
regression and
has not changed
from the
previously
released version.
For partners who
have previously
applied and
retained this
patch there is no
action. For
Partners who
have not
previously
applied the patch
it is required as
part of SPL 2020-
04-01.These
instructions also
apply to CVE-
2019-8457 and
CVE-2019-9936
below.
Page 8
XXX Software Release Notes CONFIDENTIAL
Platform 10 CVE-
202
Vx.y
In onOpActiveChanged and related methods of
AppOpsControllerImpl.java, there is a possible way
The
designed
fix is
to
0- to display an app overlaying other apps without prevent sending
008 the notification icon that it's overlaying. This could early termination
0 lead to local escalation of privilege with User of appop use.
execution privileges needed. User interaction is
needed for exploitation.
Platform 8.0,8.1,9 CVE- In finalize of AssetManager.java, there is possible The fix is
,10 202 memory corruption due to a double free. This designed to set
0- could lead to local escalation of privilege with no the pointer to
008 additional execution privileges needed. User zero after
1 interaction is not needed for exploitation. freeing.
Page 9