HUAWEI MAR-LX1A 10.0.0.167 (C431E8R2P7) Dual EEA Release Notes

This document provides release notes for the MAR-LX1A XXX Software version Vx.y. It lists the new version number, previous version number, and includes sections for the version description, new features, improvements from previous versions, known limitations and issues, and software vulnerabilities fixes. The document contains confidential information for Huawei's MAR-LX1A device and its XXX Software release.

Uploaded by

josebatres

Product name: MAR-LX1A
Confidentiality level: CONFIDENTIAL
Commercial Name: HUAWEI P30 lite
Total 7 pages

HUAWEI MAR-LX1A
XXX Software Release Notes Vx.y

Prepared by MAR Team Date 2020-01-04


Reviewed by MAR Team Date 2020-01-04
Approved by MAR Team Date 2020-01-04

Huawei Technologies Co., Ltd.

All rights reserved


Revision Record
| Date | Revision version | Change Description | Author |
|---|---|---|---|
| yyyy-mm-dd | 1.0 | Release for version V100R001CXXB001 | XXX TEAM |
| yyyy-mm-dd | 1.1 | Add OTA feature description | XXX TEAM |
| yyyy-mm-dd | 2.0 | Release for version V100R001CXXB002 | XXX TEAM |
| 2018-2-13 | 2.1 | 1. Change “Product version” to “Commercial Name” 2. Remove “Main features” 3. Make “Version Description” more clear 4. Change “Improvement in the Previous Version” to “Improvement From the Previous Version” 4. Change “Effect” to “Remarks” | MR TEAM |
| 2018-5-18 | 2.2 | Add match EMUI 9.0 template | Custom Team |
| 2018-8-8 | 2.2 | 1. Delete column “Case ID” 2. Change “Issue Description” to “Feature Description” in New Features | MR TEAM |
| 2019-1-1 | 2.3 | 1. Add “IMEI SV” in Version Description. | MR TEAM |
| 2019-3-12 | 2.3.1 | 1. Update Version Description. | I&M |
| 2019-5-17 | 2.3.2 | 1. Add “Android security patch” | I&M |


Table of Contents
1 Version Description
2 New Features
3 Improvement from the Previous Version
4 Known Limitations and Issue
5 Software Vulnerabilities Fixes
MAR-LX1A XXX Software Release Notes Vx.y

CONFIDENTIAL

XXX Software Release Notes Vx.y

1 Version Description

Model: MAR-LX1A
Build number: 10.0.0.167(C431E8R2P7)
Previous released number: 9.1.0.317(C431E6R2P3)
IMEI SV: 20
Android version: Android 10
EMUI version: EMUI 10.0.0
CPU: Hisilicon Kirin 710
Android security patch: 1 December 2019
Baseband version: 21C20B388S000C000;21C20B388S000C000
Kernel Version: 4.14.116 android@localhost#1 Thu Jan 2 16:26:34 CST 2020
Version Type: TA

2 New Features
| Index | Feature Description |
|---|---|
| 1 | Upgrade from EMUI9.1 to EMUI10.0 |

3 Improvement from the Previous Version


| Index | Issue Description |
|---|---|
| 1 | AR000DGF3E-On Telia vowifi |
| 2 | AR000D77I8-add Huawei Browser |
| 3 | AR000D7USB/AR000D7UPJ- Android logo is added to the startup page |

4 Known Limitations and Issue


| Index | Issue Description | Remarks |
|---|---|---|
| 1 | NA | |


5 Software Vulnerabilities Fixes


Vulnerability information is available by CVE ID on the NVD (National Vulnerability Database) website:
http://web.nvd.nist.gov/view/vuln/search
#12 Google Security Patch: December 2019

| Software/Module name | Version | CVE ID | Vulnerability Description | Impact Description |
|---|---|---|---|---|
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-2124 | In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient with no additional execution privileges needed. User interaction is needed for exploitation. | The fix is designed to remove the extra data from the Intent. |
| Platform | 9, 10 | CVE-2019-2219 | In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to ensure that sensor access notifications remain visible to user. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-2116 | In sdpu_get_len_from_type of sdp_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add missing bounds checks and disconnect if invalid lengths are found. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-2228 | In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to update to the latest version of libcups. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-2225 | When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to only auto-accept JustWorks connections for temporary pairing. |
| Kernel | NA | CVE-2018-20961 | In f_midi_set_alt of f_midi.c, there is a possible heap overwrite due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to prevent multiple frees by clearing freed pointers. |
| Platform | 9, 10 | CVE-2019-2220 | In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to revoke certain app-ops on application suspend. |
| Platform | 10 | CVE-2019-2221 | In hasActivityInVisibleTask of WindowProcessController.java there's a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to not consider the INITIALIZING state when determining if a task is visible. |
| Kernel | NA | CVE-2019-15239 | In tcp_connect_init of tcp_output.c, there is a possible memory corruption due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to reset internal state after purging the TCP write queue. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-2224 | In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation. | The fix is designed to add bounds checks and other verification. |
| Platform | 10, 8.0, 8.1, 9 | CVE-2019-2222 | In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | The fix is designed to add a missing size check. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-2226 | In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to use memcpy instead of an unsafe cast. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-2229 | In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to protect UPDATE_WIDGET with a new permission. |
| Kernel | NA | CVE-2019-15220 | In p54u_load_firmware_cb of p54usb.c, there is a possible memory corruption due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to prevent the use-after-free by adding locking and adjusting ordering of operations to avoid races. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2019-2232 | In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to detect the improper input and abort the text rendering at that point. |
| Platform | 10, 8.0, 8.1, 9 | CVE-2019-2223 | In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | The fix is designed to reset the slice header to zero at the start of slice header decoding. |
| Platform | 9, 10 | CVE-2019-2227 | In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to use a larger data type so the read is safe. |
| Platform | 10 | CVE-2019-2217 | In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to refactor the code to allow for uniform usage and add locking. |
| Platform | 10 | CVE-2019-9464 | In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation. | The fix is designed to differentiate between system level checks, and cases where an application has requested access to data. |
| Platform | 10 | CVE-2019-2218 | In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to remove the INSTALL_ALLOW_TEST flag. |
| Platform | 10 | CVE-2019-2230 | In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to correct variable scoping so a buffer is not freed prematurely. |
| Platform | 9, 10 | CVE-2019-2231 | In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add a check for TYPE_MASTER_KEY_AES256. |
| Update: Kernel components | NA | CVE-2017-0510 | In the FIQ debugger, there is a possible unauthorized access to a device due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to remove the FIQ debugger. |
| Update: Kernel components | NA | CVE-2017-0648 | In the FIQ debugger, there is a possible unauthorized access to a device due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to remove the FIQ debugger. |
