
Product name: OXF-AN10
Commercial Name: Honor View30 PRO
Confidentiality level: CONFIDENTIAL
Total 6 pages

XXX Software Release Notes Vx.y

Prepared by OXF Team Date 2020-7-28


Reviewed by OXF Team Date 2020-7-28
Approved by OXF Team Date 2020-7-28

Huawei Technologies Co., Ltd.

All rights reserved


Revision Record
| Date | Revision version | Change Description | Author |
| --- | --- | --- | --- |
| yyyy-mm-dd | 1.0 | Release for version V100R001CXXB001 | XXX TEAM |
| yyyy-mm-dd | 1.1 | Add OTA feature description | XXX TEAM |
| yyyy-mm-dd | 2.0 | Release for version V100R001CXXB002 | XXX TEAM |
| 2018-2-13 | 2.1 | 1. Change “Product version” to “Commercial Name” 2. Remove “Main features” 3. Make “Version Description” more clear 4. Change “Improvement in the Previous Version” to “Improvement From the Previous Version” 5. Change “Effect” to “Remarks” | MR TEAM |
| 2018-5-18 | 2.2 | Add match EMUI 9.0 template | Custom Team |
| 2018-8-8 | 2.2 | 1. Delete column “Case ID” 2. Change “Issue Description” to “Feature Description” in New Features | MR TEAM |
| 2019-1-1 | 2.3 | 1. Add “IMEI SV” in Version Description. | MR TEAM |
| 2019-3-12 | 2.3.1 | 1. Update Version Description. | I&M |
| 2019-5-17 | 2.3.2 | 1. Add “Android security patch” | I&M |


Table of Contents
1 Version Description
2 New Features
3 Improvement from the Previous Version
4 Known Limitations and Issues
5 Software Vulnerabilities Fixes

1 Version Description
Model: OXF-AN10
Build number: 3.1.0.218(C10E1R2P1)
Previous released number: 3.1.0.216(C10E1R2P1)
IMEI SV: 04
OS version: Android 10.0.0
EMUI version: EMUI3.1.0
CPU: Huawei Kirin 990 5G
Android security patch: July 1, 2020
Baseband version: 21C20B517S000C000,21C20B517S000C000
Kernel Version: 4.14.116 android@localhost #1 Fri Jul 24 17:00:26 CST 2020
Version Type: GooglePatch MR

2 New Features
| Index | Feature Description |
| --- | --- |
| 1 | NA |
| 2 | NA |

3 Improvement from the Previous Version
| Index | Issue Description |
| --- | --- |
| 1 | Integrates Android security patches released in July 2020 for improved system security. |
| 2 | NA |

4 Known Limitations and Issues
| Index | Issue Description | Remarks |
| --- | --- | --- |
| 1 | NA | NA |
| 2 | | |
| 3 | | |

5 Software Vulnerabilities Fixes

Vulnerability information is available by CVE ID on the NVD (National Vulnerability Database) website:
http://web.nvd.nist.gov/view/vuln/search

Google Security Patch: July 2020


| Software/Module name | Version | CVE ID | Vulnerability Description | Impact Description |
| --- | --- | --- | --- | --- |
| Kernel | NA | CVE-2020-8648 | In set_selection of selection.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add locking. |
| Kernel | NA | CVE-2020-8428 | In do_last of namei.c, there is a possible information disclosure due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to cache the required data before it is freed. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-9589 | In DecodeImage of dng_lossless_jpeg.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to check that the number of columns is valid. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-0122 | In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to restrict the WRITE_GSERVICES permission to signature only. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-0224 | In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to ensure that the object passed to RegExpReplace is an unmodified regexp. |
| Platform | 10 | CVE-2020-0107 | In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to check that the calling package UID matches the UID of the package name provided. |
| Platform | 10 | CVE-2020-0225 | In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add the missing length check. |
| Platform | 8.0, 8.1, 9, 10 | CVE-2020-0227 | In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching from the background, with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add a new permission and corresponding permission check. |
