HUAWEI AQM-LX1 10.1.0.109 (C605E1R5P1) Software Release Notes
AQM-LX1 CONFIDENTIAL
Commercial Name HUAWEI Y8p
Total 10 pages
XXX Software Release Notes Vx.y
1 Version Description
Model AQM-LX1
Build number 10.1.0.109(C605E1R5P1) GPU Turbo
Previous released number NA
IMEI SV 02
Android version 10
2 New Features
Index Feature Description
1 Integrates Google security patches released in April 2020 for improved system security.
1 NA
| Software/Module name | Version | CVE ID | Vulnerability Description | Impact Description |
|---|---|---|---|---|
| FPC components | NA | CVE-2020-0077 | In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add bounds checks. |
| FPC components | NA | CVE-2020-0076 | In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add bounds checks. |
| FPC components | NA | CVE-2020-0075 | In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add bounds checks. |
| Platform | 8.0,8.1,9,10 | CVE-2020-0074 | In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to revoke 'always' web handler status when app no longer uses autoVerify. |
| Kernel | NA | CVE-2019-19524 | In ml_ff_destroy of ff-memless.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege if a malicious USB device is used, with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to clean up an effect timer. |
| Qualcomm closed-source components | NA | CVE-2019-14134 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14105 | undefined | |
| MediaTek components | NA | CVE-2020-0091 | In mnld, there is a possible information disclosure due to an exposed network socket. This could lead to remote information disclosure of the user's location with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to remove externally accessible sockets. |
| | | | | supplemental patch, both of which are found in the bulletin zip file. This resolves the previously identified functional regression. Android 8.0, 10 - This patch did not cause a functional regression and has not changed from the previously released version. For partners who have previously applied and retained this patch there is no action. For partners who have not previously applied the patch it is required as part of SPL 2020-04-01. These instructions also apply to CVE-2019-8457 and CVE-2019-9936 below. |
| Platform | 10 | CVE-2020-0080 | In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | The fix is designed to prevent sending early termination of appop use. |
| Platform | 8.0,8.1,9,10 | CVE-2020-0081 | In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to set the pointer to zero after freeing. |
| Qualcomm closed-source components | NA | CVE-2019-10575 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-10610 | undefined | |
| Qualcomm closed-source components | NA | CVE-2019-14011 | undefined | |