
Product name: AQM-LX1
Commercial Name: HUAWEI Y8p
Confidentiality level: CONFIDENTIAL
Total 10 pages

XXX Software Release Notes Vx.y

Prepared by: AQM Team, Date: 2020-4-23
Reviewed by: AQM Team, Date: 2020-4-23
Approved by: AQM Team, Date: 2020-4-23

Huawei Technologies Co., Ltd.

All rights reserved


Revision Record
| Date | Revision version | Change Description | Author |
| --- | --- | --- | --- |
| yyyy-mm-dd | 1.0 | Release for version V100R001CXXB001 | XXX TEAM |
| yyyy-mm-dd | 1.1 | Add OTA feature description | XXX TEAM |
| yyyy-mm-dd | 2.0 | Release for version V100R001CXXB002 | XXX TEAM |
| 2018-2-13 | 2.1 | 1. Change “Product version” to “Commercial Name”; 2. Remove “Main features”; 3. Make “Version Description” more clear; 4. Change “Improvement in the Previous Version” to “Improvement From the Previous Version”; 4. Change “Effect” to “Remarks” | MR TEAM |
| 2018-5-18 | 2.2 | Add match EMUI 9.0 template | Custom Team |
| 2018-8-8 | 2.2 | 1. Delete column “Case ID”; 2. Change “Issue Description” to “Feature Description” in New Features | MR TEAM |
| 2019-1-1 | 2.3 | 1. Add “IMEI SV” in Version Description. | MR TEAM |
| 2019-3-12 | 2.3.1 | 1. Update Version Description. | I&M |
| 2019-5-17 | 2.3.2 | 1. Add “Android security patch” | I&M |

Table of Contents
1 Version Description
2 New Features
3 Improvement from the Previous Version
4 Known Limitations and Issues
5 Software Vulnerabilities Fixes

1 Version Description
Model: AQM-LX1
Build number: 10.1.0.109(C605E1R5P1) GPU Turbo
Previous released number: NA
IMEI SV: 02
Android version: 10
EMUI version: 10.1.0
CPU: Huawei Kirin 710F
Android security patch: 1 April 2020
Baseband version: 21C20B388S000C000,21C20B388S000C000
Kernel Version: 4.14.116 android@localhost #1 Tue Apr 21 19:05:29 CST 2020
Version Type: TA

2 New Features
| Index | Feature Description |
| --- | --- |
| 1 | Integrates Google security patches released in April 2020 for improved system security. |

3 Improvement from the Previous Version


| Index | Issue Description |
| --- | --- |
| 1 | NA |

4 Known Limitations and Issues


| Index | Issue Description | Remarks |
| --- | --- | --- |
| 1 | NA | NA |

5 Software Vulnerabilities Fixes


Vulnerability information is available by CVE ID on the NVD (National Vulnerability Database) website:
http://web.nvd.nist.gov/view/vuln/search
#4 Google Security Patch: April 2020

| Software/Module name | Version | CVE ID | Vulnerability Description | Impact Description |
| --- | --- | --- | --- | --- |
| Platform | 9, 10 | CVE-2020-0079 | In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to fix the base pointer used to set the destination. |
| Platform | 9, 10 | CVE-2020-0078 | In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add the missing bounds check. |
| Qualcomm components | NA | CVE-2019-14087 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14075 | undefined | |
| FPC components | NA | CVE-2020-0077 | In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add bounds checks. |
| FPC components | NA | CVE-2020-0076 | In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add bounds checks. |
| FPC components | NA | CVE-2020-0075 | In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add bounds checks. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-0074 | In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to revoke 'always' web handler status when app no longer uses autoVerify. |
| Kernel | NA | CVE-2019-19524 | In ml_ff_destroy of ff-memless.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege if a malicious USB device is used, with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to clean up an effect timer. |
| Kernel | NA | CVE-2019-19532 | In many initialization functions of many drivers in drivers/hid, there are possible out of bounds writes due to a missing check for an empty list. These could lead to local escalation of privilege if using a malicious USB driver, with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to check if the driver's input lists are empty before using them. |
| Kernel | NA | CVE-2019-19807 | In snd_timer_open of timer.c, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to not re-use variables for temporary checks. |
| Qualcomm components | NA | CVE-2019-14070 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14112 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14114 | undefined | |
| Qualcomm components | NA | CVE-2019-14122 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14134 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14111 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14113 | undefined | |
| Qualcomm components | NA | CVE-2019-14131 | undefined | |
| Qualcomm components | NA | CVE-2019-14104 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14127 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14135 | undefined | |
| Qualcomm components | NA | CVE-2019-14132 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14105 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14110 | undefined | |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-0073 | In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add the missing bounds check. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-0072 | In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add the missing bounds check. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-0071 | In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add the missing bounds check. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-0070 | In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add the missing bounds check. |
| Qualcomm closed-source components | NA | CVE-2020-3651 | undefined | |
| Qualcomm components | NA | CVE-2020-3651 | undefined | |
| MediaTek components | NA | CVE-2020-0091 | In mnld, there is a possible information disclosure due to an exposed network socket. This could lead to remote information disclosure of the user's location with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to remove externally accessible sockets. |
| MediaTek components | NA | CVE-2020-0090 | In com.mediatek.email.backuprestore.EmailBackupRestoreReceiver, there is a possible disclosure of emails due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to remove the Email Backup feature and related code. |
| MediaTek components | NA | CVE-2020-0065 | In com.mediatek.apst.target.receiver.DaemonReceiver, there is possible access to private user data due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to remove the vulnerable app. |
| MediaTek components | NA | CVE-2020-0064 | In the OMACP app, there is a possible disclosure of provisioning data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to limit the provisioning data to access only by preloaded system apps that declare the required permission. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-5018 | In lookupName of resolve.c, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to ensure that aliased window functions are not used within aggregate functions. Notes: Android 8.1 - This patch is provided for completeness. Partners on 8.1 with an SPL of 2019-03-01 or greater are already patched and do not need to re-apply this fix. Android 9 - To fully patch Android 9, partners should apply the original fix and supplemental patch, both of which are found in the bulletin zip file. This resolves the previously identified functional regression. Android 8.0, 10 - This patch did not cause a functional regression and has not changed from the previously released version. For partners who have previously applied and retained this patch there is no action. For Partners who have not previously applied the patch it is required as part of SPL 2020-04-01. These instructions also apply to CVE-2019-8457 and CVE-2019-9936 below. |
| Platform | 10 | CVE-2020-0080 | In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | The fix is designed to prevent sending early termination of appop use. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-0081 | In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to set the pointer to zero after freeing. |
| Qualcomm closed-source components | NA | CVE-2019-14001 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-10575 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14019 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14018 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14021 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-10588 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-10589 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14009 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14022 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-10610 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14033 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14020 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-10608 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-10483 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-10551 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14012 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-10609 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14011 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14007 | undefined | |
| Platform | 10 | CVE-2019-2056 | There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | In device configurations, zram writeback must be disabled. An example code snippet can be found in the zip file. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-8457 | In rtreenode of rtree.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to replace the fixed-size stack buffer with a dynamically-resized string. |
| Platform | 10 | CVE-2020-0082 | In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to system_server with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to remove excessive serialization of Audio Attributes. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-9936 | In fts5HashEntrySort of fts5_hash.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add the missing bounds check. |
