Product name Confidentiality level

POT-LX1 CONFIDENTIAL
Commercial Name
Total 6 pages
HUAWEI P Smart 2019

HUAWEI POT-LX1

XXX Software Release Notes Vx.y

Prepared by POT Team Date 2020-10-28

Reviewed by POT Team Date 2020-10-28
Approved by POT Team Date 2020-10-28

Huawei Technologies Co., Ltd.

All rights reserved

 Revision Record

Date Revision Change Description Author

version
2020-10-28 1.0 Release for version V100R001CXXB001 POT TEAM
 Table of Contents
1 Version Description..................................................................................................................4
2 New Features..........................................................................................................................4
3 Improvement from the Previous Version.................................................................................4
4 Known Limitations and Issue...................................................................................................4
5 Software Vulnerabilities Fixes..................................................................................................4
 POT-LX1 XXX Software Release Notes Vx.y

CONFIDENTIAL

POT-LX1 10.0.0.260(C431E8R4P1)
Release Notes

1 Version Description

Model POT-LX1

Build number 10.0.0.260(C431E8R4P1)

Previous released number 10.0.0.252(C431E8R4P1)

IMEI SV 35
Android version Android 10

EMUI version EMUI 10.0.0

CPU Hisilicon Kirin 710

Security patch level 1 October 2020
Baseband version 21C20B388S000C000, 21C20B388S000C000
4.14.116
Kernel Version android@localhost #1
Tue Oct 27 13:26:27 CST 2020
Version Type SMR

2 New Features
Index Feature Description

1 NA

3 Improvement from the Previous Version

Index Issue Description
Integrates Android security patches released in October 2020 for improved system
1
security

4 Known Limitations and Issue

Index Issue Description Remarks
1 NA NA

5 Software Vulnerabilities Fixes

Vulnerabilities information is available through CVE IDs in NVD (National Vulnerability Database) website:
http://web.nvd.nist.gov/view/vuln/search
Page 4
 POT-LX1 XXX Software Release Notes Vx.y

CONFIDENTIAL

#10 Android Security patch: October 2020

Software
Impact
/Module Version CVE ID Vulnerability Description
Description
name
The fix is
In onCreateSliceProvider of KeyguardSliceProvider.java,
designed to
there is a possible confused deputy due to a
CVE- properly
PendingIntent error. This could lead to local escalation
Platform 10 2020- restrict the
of privilege that allows actions performed as the
0114 component
System UI, with no additional execution privileges
class of the
needed. User interaction is not needed for exploitation.
PendingIntent.
In hevcd_fmt_conv_420sp_to_420sp_av8 of NA
ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible
CVE-
out of bounds write due to a heap buffer overflow. This
Platform 10,11 2020-
could lead to remote information disclosure with no
0213
additional execution privileges needed. User interaction
is needed for exploitation.
In onCreate of ConfirmConnectActivity.java, there is a NA
possible leak of Bluetooth information due to a
CVE-
8.0,8.1,9, permissions bypass. This could lead to local escalation
Platform 2020-
10,11 of privilege that exposes a pairing Bluetooth MAC
0215
address with no additional execution privileges needed.
User interaction is needed for exploitation.
In getCarrierPrivilegeStatus of UiccAccessRule.java, NA
CVE- there is a missing permission check. This could lead to
Platform 10,11 2020- local information disclosure of EID data with no
0246 additional execution privileges needed. User interaction
is not needed for exploitation.
In gatt_process_read_by_type_rsp of gatt_cl.cc, there is NA
a possible out of bounds read due to a missing bounds
CVE-
8.0,8.1,9, check. This could lead to remote information disclosure
Platform 2020-
10,11 in the Bluetooth server with no additional execution
0377
privileges needed. User interaction is not needed for
exploitation.
In onWnmFrameReceived of PasspointManager.java, NA
CVE- there is a missing permission check. This could lead to
Platform 9,10,11 2020- local information disclosure of location data with User
0378 execution privileges needed. User interaction is not
needed for exploitation.
In updateMwi of NotificationMgr.java, there is a NA
CVE- possible permission bypass due to a PendingIntent
Platform 10,11 2020- error. This could lead to local information disclosure
0398 with User execution privileges needed. User interaction
is not needed for exploitation.
In showDataRoamingNotification of NA
NotificationMgr.java, there is a possible permission
CVE-
bypass due to an unsafe PendingIntent. This could lead
Platform 10,11 2020-
to local information disclosure with User execution
0400
privileges needed. User interaction is not needed for
exploitation.
In remove of String16.cpp, there is a possible out of NA
CVE- bounds write due to an integer overflow. This could
8.0,8.1,9,
Platform 2020- lead to local escalation of privilege with no additional
10,11
0408 execution privileges needed. User interaction is not
needed for exploitation.
Page 5
 POT-LX1 XXX Software Release Notes Vx.y

CONFIDENTIAL

In setNotification of SapServer.java, there is a possible NA

CVE- permission bypass due to a PendingIntent error. This
8.0,8.1,9,
Platform 2020- could lead to local information disclosure with User
10,11
0410 execution privileges needed. User interaction is not
needed for exploitation.
In ~AACExtractor() of AACExtractor.cpp, there is a NA
CVE- possible out of bounds write due to uninitialized data.
Platform 10,11 2020- This could lead to remote information disclosure with
0411 no additional execution privileges needed. User
interaction is needed for exploitation.
In setProcessMemoryTrimLevel of NA
ActivityManagerService.java, there is a missing
CVE-
8.0,8.1,9, permission check. This could lead to local information
Platform 2020-
10,11 disclosure of foreground processes with no additional
0412
execution privileges needed. User interaction is not
needed for exploitation.
In gatt_process_read_by_type_rsp of gatt_cl.cc, there is NA
a possible out of bounds read due to a missing bounds
CVE-
8.0,8.1,9, check. This could lead to remote information disclosure
Platform 2020-
10,11 in the Bluetooth server with no additional execution
0413
privileges needed. User interaction is not needed for
exploitation.
In AudioFlinger::RecordThread::threadLoop of NA
audioflinger/Threads.cpp, there is a possible non-
CVE-
silenced audio buffer due to a permissions bypass. This
Platform 10,11 2020-
could lead to remote information disclosure with no
0414
additional execution privileges needed. User interaction
is needed for exploitation.
In various locations in SystemUI, there is a possible NA
CVE- permission bypass due to an unsafe PendingIntent. This
8.0,8.1,9,
Platform 2020- could lead to local information disclosure of contact
10,11
0415 data with User execution privileges needed. User
interaction is not needed for exploitation.
In multiple settings screens, there are possible NA
CVE- tapjacking attacks due to an insecure default value. This
8.0,8.1,9,
Platform 2020- could lead to local escalation of privilege and
10,11
0416 permissions with no additional execution privileges
needed. User interaction is needed for exploitation.
In generateInfo of PackageInstallerSession.java, there is NA
a possible leak of cross-profile URI data during app
CVE-
8.1,9,10, installation due to a missing permission check. This
Platform 2020-
11 could lead to local information disclosure with no
0419
additional execution privileges needed. User interaction
is not needed for exploitation.
In appendFormatV of String8.cpp, there is a possible NA
CVE- out of bounds write due to incorrect error handling.
8.0,8.1,9,
Platform 2020- This could lead to local escalation of privilege with no
10,11
0421 additional execution privileges needed. User interaction
is not needed for exploitation.

Page 6