CVE-2022-44563: Huawei Recovery Update Zip ToC-ToU Vulnerability
We have identified a new Toc-ToU race condition vulnerability in Huawei’s recovery image implementation of SD-card based firmware updates. The vulnerability can be exploited to achieve arbitrary code execution in recovery mode, enabling unauthentic firmware updates, firmware downgrades to a known vulnerable version or other system modifications.
The vulnerability we are disclosing in this advisory affected a wide range of Huawei devices, including phones on the newest chipsets (Kirin 9000). The November 2022 issue of HarmonyOS and EMUI Security Bulletins contains this vulnerability as CVE-2022-44563.
Vulnerability Details The implementation of the “SD-update” mode of the Huawei recovery process, which is a proprietary mode for handling update files located on external media, contains the vulnerability that the update file gets reread between different verification phases.