Product name Confidentiality level

RKY-LX3 CONFIDENTIAL
Commercial Name
Total 8 pages
HONOR X7a

Prepared by RKY Team Date 2022-12-05

Reviewed by RKY Team Date 2022-12-05
Approved by RKY Team Date 2022-12-05

All rights reserved

Page 1
 Revision Record
Date Revision Change Description Author
version
2022-12-05 1.0 First draft RKY TEAM

Page 2
 Table of Contents
1Version Description........................................................................................................................4
2New Features.................................................................................................................................4
3Improvement from the Previous Version...........................................................................................5
4Known Limitations and Issues.........................................................................................................5
5Software Vulnerabilities Fixes.........................................................................................................5

Page 3
1 Version Description
Model RKY-LX3

Build number 6.1.0.108(C605E1R100P1)

Previous released
NA
number
IMEI SV 01
Android version 12
Magic version 6.1
CPU Mediatek Helio G37
Android security patch November 1, 2022
MOLY.LR12A.R2.TC36.PR1.SP.V1.0.6.P70,MOLY.LR12A.R2.TC36.
Baseband version
PR1.SP.V1.0.6.P70
4.19.191-g99072185b32b android@localhost #1 The Dec 1 15:54:27
Kernel Version
CST 2022
Version Type TA

2 New Features
Index Feature Description
Incorporated Android November 2022 security patches to enhance system
1
security.
2 Incorporate the basic needs of the market.

3 Improvement from the Previous Version

Index Issue Description
Peru movistar and Samsung auxiliary machine VILTE call, Rocky's video is
1
obviously stuck
Register VOLTE, and after the conference phone is merged, the device number is
2
displayed incorrectly
Set the same language and country (Latin American and Latin American
3 corresponding countries) during boot navigation, and turn on the keyboard after the
boot navigation. The default language is not Latin American
Insert a Colombia WOM SIM card that supports VoLTE. When you go to
4 Call>Settings>More, the terminal displays pop-up messages about network or SIM
card errors

Page 4
 Index Issue Description

5 Incorrect translation of game center interface

4 Known Limitations and Issues

Index Issue Description Remarks
1 NA

5 Software Vulnerabilities Fixes

Vulnerabilities information is available through CVE IDs in NVD (National Vulnerability Database) website:
http://web.nvd.nist.gov/view/vuln/search

Software/ Version CVE ID Vulnerability Description Impact

Module Description
name
Platform 10,11,12 CVE- In navigateUpTo of Task.java, there is The fix is
,12L,13 2022- a possible way to launch an unexported designed to
20441 intent handler due to a logic error in the add a
code. This could lead to local permission
escalation of privilege if the targeted check.
app has an intent trampoline, with no
additional execution privileges needed.
User interaction is not needed for
exploitation.
Platform 10,11,12 CVE- In buzzBeepBlinkLocked of The fix is
,12L,13 2022- NotificationManagerService.java, there designed to
20448 is a possible way to share data across add the
users due to a permissions bypass. This missing cross
could lead to local escalation of user check.
privilege with no additional execution
privileges needed. User interaction is
not needed for exploitation.
Platform 10,11,12 CVE- In restorePermissionState of The fix is
,12L,13 2022- PermissionManagerServiceImpl.java, designed to
20450 there is a possible way to bypass user remove the
consent due to a missing permission AR permission
check. This could lead to local auto-grant.
escalation of privilege with no
additional execution privileges needed.
User interaction is not needed for
exploitation.
Platform 10,11,12 CVE- In AutomaticZenRule of This fix is
,12L,13 2022- AutomaticZenRule.java, there is a designed to
20456 possible failure to persist permissions trim long
settings due to resource exhaustion. inputs.
This could lead to local escalation of
privilege with no additional execution
privileges needed. User interaction is
not needed for exploitation.
Platform 10,11,12 CVE- In addAutomaticZenRule of The fix is
,12L,13 2022- ZenModeHelper.java, there is a designed to
20455 possible resource exhaustion leading to verify the
local persistent denial of service with caller is the
no additional execution privileges system.

Page 5
 needed. User interaction is not needed
for exploitation.
Platform 10,11,12 CVE- In multiple functions of many files, The fix is
,12L,13 2022- there is a possible obstruction of the designed to
20426 user's ability to select a phone account use a
due to resource exhaustion. This could ParceledListSl
lead to local denial of service with no ice instead of a
additional execution privileges needed. List so
User interaction is not needed for interprocess
exploitation. communicatio
n won’t fail
even with
large lists.
Platform 10,11,12 CVE- In onCreate of The fix is
,12L 2022- ReviewPermissionsActivity.java, there designed to
20442 is a possible way to grant permissions hide overlays.
for a separate app with API level < 23
due to a tapjacking/overlay attack. This
could lead to local escalation of
privilege with User execution
privileges needed. User interaction is
needed for exploitation.
Platform 12,12L,1 CVE- In onCallRedirectionComplete of
3 2022- CallsManager.java, there is a possible
20451 permissions bypass due to a missing
permission check. This could lead to
local escalation of privilege with no
additional execution privileges needed.
User interaction is needed for
exploitation.Product: AndroidVersions:
Android-10 Android-11 Android-12
Android-12L Android-13Android ID:
A-235098883
Platform 10,11,12 CVE- In fdt_next_tag of fdt.c, there is a The fix is
,12L,13 2022- possible out of bounds write due to an designed to
20454 integer overflow. This could lead to change the
local escalation of privilege with calculations to
System execution privileges needed. prevent the
User interaction is not needed for integer
exploitation. overflow.
Platform 10,11,12 CVE- In pinReplyNative of The fix is
,12L,13 2022- com_android_bluetooth_btservice_Ada designed to
20461 pterService.cpp, there is a possible out add a
of bounds read due to type confusion. temporary pin
This could lead to local escalation of buffer.
privilege of BLE with no additional
execution privileges needed. User
interaction is not needed for
exploitation.
Platform 10,11,12 CVE- In phNxpNciHal_write_unlocked of The fix is
,12L,13 2022- phNxpNciHal.cc, there is a possible out designed to
20462 of bounds write due to a missing add the
bounds check. This could lead to local missing
escalation of privilege with no bounds check.
additional execution privileges needed.
User interaction is not needed for
exploitation.
Platform 10,11,12 CVE- In factoryReset of WifiServiceImpl, This fix is
,12L,13 2022- there is a possible way to preserve designed to

Page 6
 20463 WiFi settings due to a logic error in the remove wifi
code. This could lead to a local non- certificates in
security issue across network factory the event of a
resets with no additional execution network
privileges needed. User interaction is factory reset.
not needed for exploitation.
Platform 10,11,12 CVE- In dismiss and related functions of The fix is
,12L,13 2022- KeyguardHostViewController.java and designed to
20465 related files, there is a possible change
lockscreen bypass due to a logic error dismiss() calls
in the code. This could lead to local so they won't
escalation of privilege with no dismiss
additional execution privileges needed. screens that
User interaction is not needed for don't match
exploitation. the expected
security
method.
Platform 10,11,12 CVE- In process_service_search_rsp of The fix is
,12L,13 2022- sdp_discovery.cc, there is a possible designed to
20445 out of bounds read due to improper check for
input validation. This could lead to pointer
remote information disclosure with no arithmetic
additional execution privileges needed. overflow.
User interaction is not needed for
exploitation.
Platform 10,11,12 CVE- In setImpl of The fix is
,12L,13 2022- AlarmManagerService.java, there is a designed to
20414 possible way to put a device into a boot avoid system
loop due to an uncaught exception. crash when
This could lead to local denial of getting to the
service with no additional execution limit.
privileges needed. User interaction is
not needed for exploitation.
Platform 10,11,12 CVE- In update of MmsProvider.java, there is The fix is
,12L,13 2022- a possible constriction of directory designed to
20453 permissions due to a path traversal check the
error. This could lead to local denial of directory path.
service of SIM recognition with no
additional execution privileges needed.
User interaction is needed for
exploitation.
Platform 12,12L CVE- In broadcastServiceStateChanged of The fix is
2022- TelephonyRegistry.java, there is a designed to
20115 possible way to learn base station add the
information without location missing
permission due to a missing permission permission
check. This could lead to local check.
information disclosure with User
execution privileges needed. User
interaction is not needed for
exploitation.

Page 7