Kyocera DuraForce Pro (E6820) QCN FEATURED [ 2024-11-17 15:38:21 ]
SourceInfo.txt FEATURED [ 2024-11-15 22:42:47 ]
ROM1_modemst2_000746500000_000746700000.bin FEATURED [ 2024-11-15 22:41:36 ]
ROM1_modemst1_000746300000_000746500000.bin FEATURED [ 2024-11-15 22:41:13 ]
ROM1_fsg_000736E80000_000737080000.bin FEATURED [ 2024-11-15 22:40:50 ]
HBG4a2_3571948A_20240623_200235.extcsd FEATURED [ 2024-11-15 22:40:23 ]
e6820 kecora_patched.qcn FEATURED [ 2024-11-15 22:39:53 ]
0%

Huawei Yale-L61A 10.1.0.225(C431E3R1P2) EMUI10.1.0 firmware download

Featured

update_sd_base.zip_update_sd_cust_YAL-L61_hw_eea.zip_update_sd_preload_YAL-L61_hw_eea_R1.zip

Date 2020-10-16 13:38:34
Filesize 4.70 GB
Visits 596
Download


Product name Confidentiality level
YAL-L21 CONFIDENTIAL
Commercial Name Total 7 pages
HUAWEI nova 5T

 

HUAWEI YAL-L21 10.1.0.225(C431E3R1P2) Software Release Notes

 


Prepared by YALTeam Date 2020-06-16
Reviewed by YALTeam Date 2020-06-16
Approved by YALTeam Date 2020-06-16

 

 

 

 

 

Huawei Technologies Co., Ltd.

All rights reserved

Revision Record

Date Revision version Change Description Author
yyyy-mm-dd 1.0 Release for version V100R001CXXB001 XXX TEAM
yyyy-mm-dd 1.1 Add OTA feature description XXX TEAM
yyyy-mm-dd 2.0 Release for version V100R001CXXB002 XXX TEAM
2018-2-13 2.1 1. Change “Product version” to “Commercial Name”
2. Remove “Main features”
3. Make “Version Description” more clear
4.Change” Improvement in the Previous Version” to “Improvement From the Previous Version”
4.Change “Effect” to “Remarks” MR TEAM
2018-5-18 2.2 Add match EMUI 9.0 template Custom Team
2018-8-8 2.2 1. Delete column “Case ID”
2. Change “Issue Description” to “Feature Description” in New Features MR TEAM
2019-1-1 2.3 1. Add “IMEI SV” in Version Description. MR TEAM
2019-3-12 2.3.1 1. Update Version Description. I&M
2019-5-17 2.3.2 1. Add “Android security patch” I&M

Table of Contents
1 Version Description 4
2 New Features 4
3 Improvement from the Previous Version 5
4 Known Limitations and Issues 5
5 Software Vulnerabilities Fixes 5

YAL-L21 10.1.0.225(C431E3R1P2) Software Release Notes
Version Description

Model YAL-L21
Build number 10.1.0.225(C431E3R1P2)
Previous released number 10.0.0.212(C431E3R1P2)
IMEI SV 21
Android version 10
EMUI version 10.1.0
CPU Huawei Kirin 980
Android security patch 1 June 2020
Baseband version 21C20B379S000C000; 21C20B379S000C000
Kernel Version 4.14.116
Version Type Normal MR

New Features

Index Feature Description
1 Allows you to multitask with ease in Split-screen mode, and send messages using a floating window while watching videos or playing games. Swipe in from the left or right edge of the screen and pause to display the Multi-Window dock. Hold an app icon in the dock and drag it to the side of the screen to enter split-screen view, or touch an app icon to display it in a floating window
2 Allows you to pick up voice and video calls on your phone from your Huawei laptop
3 Allows you to directly read and edit files on your phone from your Huawei laptop and share your phone's network
4 Optimizes the deterministic latency engine to provide you with a smoother system user experience
5 Adds HUAWEI Assistant∙TODAY to the home screen, providing smart reminders, personalized news, and other content relevant to you
6 Adds the Smart Charge mode, reducing battery aging by adapting to your charging routine through AI learning and preventing the battery from being continuously charged when full
Improvement from the Previous Version

Index Issue Description
1 Integrates Android security patches released in June 2020 for improved system security
2 VIP MK(294/03) support VOLTE function
3 DT CS enable volte and vowifi
4 DT DE 26201F09 enable volte and vowifi
5 UK virgin(opkey:23420F01) disable VOLTE&VOWIFI function
Note: It's virgin't lite card without IMS ability.
6 Turkey TurkTelekom support VOWIFI function
7 DT MK enable volte
8 Belgium Base support VOWIFI function
9 Norway ICE Support VOWIF
10 DT CS 26201F02, 26201F09 enable volte and vowifi
11 Telekom MK(294/01) support VOLTE function
12 Portugal NOS(26803) support VOLTE
Known Limitations and Issues

Index Issue Description Remarks
1 NA
Software Vulnerabilities Fixes
Vulnerabilities information is available through CVE IDs in NVD (National Vulnerability Database) website: http://web.nvd.nist.gov/view/vuln/search


Software/Module name Version CVE ID Vulnerability Description Impact Description
Platform 10 CVE-2019-9460 In initWithSize of GraphicBuffer.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User interaction is not needed for exploitation. The fix is designed to validate the buffer size, and use the handle transport size.
Platform 10 CVE-2020-0116 In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. The fix is designed to correct the call to checkInteractAcrossUsersFull.
Platform 8.0,8.1,9,10 CVE-2020-0117 In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. The fix is designed to increase the size of the data types used, preventing the integer overflow.
Platform 8.0,8.1,9,10 CVE-2020-8597 In eap_request and eap_response of eap.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. The fix is designed to check for the integer overflow.
Platform 9,10 CVE-2020-0113 In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. The fix is designed to retain a local copy of the timestamp, preventing the use after free.
Platform 10 CVE-2020-0118 In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. The fix is designed to ensure the correct type before dereferencing the pointer.
Platform 8.0,8.1,9,10 CVE-2020-0115 In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. The fix is designed to check all URIs for verified host matches.
Platform 10 CVE-2020-0119 In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. The fix is designed to retain enterprise suggested certificates for the correct lifecycle.
Platform 10 CVE-2020-0114 In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation. The fix is designed to properly restrict the component class of the PendingIntent.
Platform 10 CVE-2020-0121 In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation. The fix is designed to force update uid state when pending uid state is applied.
Platform 8.0,8.1,9,10 CVE-2019-2219 In System UI, there is a possible bypass of user's consent for access to sensor data due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. The fix is designed to ensure that sensor access notifications remain visible to user.

Review This!

Only users can review this file after download