Honor LLD-L21 8.0.0.125 (C185) Release Notes
LLD-L21 CONFIDENTIAL
V100R001
1 Version Description
2 New Features
Index Case ID Issue Description
[Android vulnerabilities come from Google, which reports them publicly.]
[Third-party software is a type of computer software that is sold together with or provided for free in Huawei
products or solutions with the ownership of intellectual property rights (IPR) held by the original contributors.
Third-party software can be but is not limited to: Purchased software, Software that is built in or attached to
purchased hardware, Software in products of the original equipment manufacturer (OEM) or original design
manufacturer (ODM), Software that is developed with technical contribution from partners (ownership of IPR
all or partially held by the partners), Software that is legally obtained free of charge.
The data of third-party software vulnerabilities fixes can be exported from PDM.
If the table is excessively long, you can divide it into multiple ones by product version, or deliver it in an excel
file with patch release notes and provide reference information in this section.]
Vulnerabilities information is available through CVE IDs in NVD (National Vulnerability Database) website:
http://web.nvd.nist.gov/view/vuln/search
needed. User interaction is not needed for exploitation.
| Platform | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13323 | In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to correct the integer overflow. |
| Platform | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13320 | In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible out of bounds read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation. | The fix is designed to prevent the out of bounds read by copying inputs into an internal buffer first. |
| Platform | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13313 | In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | The fix is designed to fix a bounds check and update an offset, preventing the infinite loop. |
| Platform | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13319 | In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is needed for exploitation. | The fix is designed to add a bounds check to prevent the out of bounds read. |
| Platform | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13314 | In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add the missing permission check. |
| Platform | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13315 | In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to ensure that the read and write serialization calls match. |
| Platform | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13310 | In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to ensure that the read and write serialization calls match. |
| Platform | 8.0 | CVE-2017-13312 | In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to ensure that the read and write serialization calls match. |
| Platform | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13311 | In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to ensure that the read and write serialization calls match. |
| Platform | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13316 | In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to fix the missing permission check. |
| Platform | 8.0, 8.1 | CVE-2017-13321 | In SensorService::isDataInjectionEnabled of SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add a bounds check in order to prevent the out of bounds read. |
| Platform | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 | CVE-2017-13322 | In endCallForSubscriber of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local denial of service where a phone call can be ended with no additional execution privileges needed. User interaction is not needed for exploitation. | The fix is designed to add the missing permission check. |
5 Others
6 Reference