Login Sign Up

CVE-2021-22319

7.5 HIGH

📋 TL;DR

CVE-2021-22319 is an integer overflow vulnerability in Huawei smartphones that occurs due to improper input validation. Successful exploitation could allow attackers to execute arbitrary code or cause denial of service. This affects Huawei smartphones running HarmonyOS or EMUI.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: HarmonyOS 2.0 versions before 2.0.0.230, EMUI versions before specific security patches
Operating Systems: HarmonyOS, EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei smartphones with specific chipset configurations. Check Huawei security bulletins for exact model list.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crash or denial of service affecting device functionality.

🟢

If Mitigated

No impact if patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: MEDIUM - Requires user interaction or malicious app installation, not directly internet-exposed.
🏢 Internal Only: MEDIUM - Could be exploited via malicious apps or compromised internal networks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious app installation. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS 2.0.0.230 or later, EMUI with October 2021 security patches

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/10/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update. 2. Download and install available updates. 3. Restart device when prompted.

🔧 Temporary Workarounds

Restrict app installations

all

Only install apps from trusted sources like official app stores

Disable unknown sources

all

Prevent installation of apps from unknown sources

🧯 If You Can't Patch

  • Isolate affected devices from critical networks
  • Implement mobile device management with strict app control policies

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > HarmonyOS version or EMUI version against patched versions

Check Version:

Settings > About phone > Software information

Verify Fix Applied:

Verify version is HarmonyOS 2.0.0.230+ or EMUI with October 2021+ security patches

📡 Detection & Monitoring

Log Indicators:

  • Unexpected app crashes
  • Memory allocation failures
  • Security service anomalies

Network Indicators:

  • Unusual outbound connections from mobile devices
  • Suspicious app behavior patterns

SIEM Query:

device.os.name:HarmonyOS AND event.action:crash AND NOT app.name:whitelisted_apps

📊 Metadata

CVE ID: CVE-2021-22319
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-190
Published: February 25, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22319, you might also want to check these:

CVE-2025-64721 10.0

This vulnerability in Sandboxie allows sandboxed processes to exploit an integer overflow in the Sbi...

Same vulnerability type (CWE-190)
CVE-2025-52581 9.8

An integer overflow vulnerability in libbiosig's GDF file parsing allows arbitrary code execution wh...

Same vulnerability type (CWE-190)
CVE-2025-53518 9.8

An integer overflow vulnerability in libbiosig's ABF file parser allows arbitrary code execution whe...

Same vulnerability type (CWE-190)