CVE-2021-22335

7.8 HIGH

📋 TL;DR

This is an out-of-bounds write vulnerability (CWE-787) in Huawei smartphone image processing components. Attackers could exploit this to cause memory corruption, potentially leading to crashes or arbitrary code execution. Affected users are those with vulnerable Huawei smartphone models running unpatched software.

💻 Affected Systems

Products:
  • Huawei smartphones with affected EMUI versions
Versions: EMUI 11.0.0 and earlier versions
Operating Systems: Android with Huawei EMUI skin
Default Config Vulnerable: ⚠️ Yes
Notes: Specific models not detailed in public advisory; all devices running vulnerable EMUI versions are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with system-level privileges, allowing complete device compromise and data exfiltration.

🟠 Likely Case: Application crashes or denial of service in image processing functions, potentially causing instability in camera or gallery apps.

🟢 If Mitigated: Controlled crash with no privilege escalation when proper memory protections are enabled.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious content but could be triggered via web/messaging apps.
🏢 Internal Only: LOW - Primarily affects individual devices rather than internal network infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening a malicious image file). No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: EMUI 11.0.0.195 (C00E195R5P5) and later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/4/

Restart Required: Yes

Instructions:

1. Go to Settings > System & updates > Software update.
2. Check for updates.
3. Download and install EMUI 11.0.0.195 or later.
4. Restart device when prompted.

🔧 Temporary Workarounds

  • Disable automatic image processing (all): Prevent automatic parsing of image files in messaging and browser apps
  • Use trusted sources only (all): Avoid opening image files from untrusted sources or unknown senders

🧯 If You Can't Patch

  • Isolate device from untrusted networks and limit app installations
  • Implement mobile device management with strict application controls

🔍 How to Verify

Check if Vulnerable:

Check the EMUI version in Settings > About phone > EMUI version. If the version is 11.0.0 or earlier and the build number is below C00E195R5P5, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.emui

Verify Fix Applied:

Verify EMUI version is 11.0.0.195 or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Camera/gallery app crashes
  • Memory corruption errors in system logs
  • Unexpected process terminations

Network Indicators:

  • Unusual image file downloads preceding crashes

SIEM Query:

source="android_system" AND event="APP_CRASH" AND (process="com.huawei.camera" OR process="com.huawei.gallery")
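
The log indicators above can also be checked directly in a collected logcat capture. The following is an added example, not part of the vendor advisory: it flags native crash dumps with memory-fault signals for the two process names used in the SIEM query. It assumes the stock Android crash-dump line format (EMUI builds may differ), and the sample lines are constructed.

```python
import re

# Process names taken from the SIEM query on this page.
WATCHED = {"com.huawei.camera", "com.huawei.gallery"}
# Signals that usually accompany memory corruption in native code.
MEMORY_SIGNALS = {"SIGSEGV", "SIGBUS", "SIGABRT"}

# Stock Android crash-dump lines (logged under the DEBUG tag); EMUI may differ.
PROC_RE = re.compile(r"DEBUG\s*: pid: (\d+), tid: \d+, name: .*?>>> (\S+) <<<")
SIGNAL_RE = re.compile(
    r"DEBUG\s*: signal \d+ \((SIG[A-Z]+)\), code -?\d+ \((\w+)\)"
    r"(?:, fault addr (\S+))?"
)

def find_native_crashes(lines, watched=WATCHED):
    """Return one record per native crash dump belonging to a watched process."""
    hits, current = [], None
    for line in lines:
        proc = PROC_RE.search(line)
        if proc:
            # Header of a new crash dump: remember whose dump this is.
            current = {"pid": int(proc.group(1)), "process": proc.group(2)}
            continue
        sig = SIGNAL_RE.search(line)
        if sig and current:
            if current["process"] in watched and sig.group(1) in MEMORY_SIGNALS:
                hits.append({
                    **current,
                    "time": " ".join(line.split()[:2]),
                    "signal": sig.group(1),
                    "code": sig.group(2),
                    "fault_addr": sig.group(3),
                })
            current = None  # the signal line ends the part of the dump we read
    return hits

# Constructed sample input, not captured from a real device.
SAMPLE_LOGCAT = """\
04-12 10:15:01.101  4321  4321 F DEBUG   : pid: 9876, tid: 9901, name: ImageDecode  >>> com.huawei.gallery <<<
04-12 10:15:01.101  4321  4321 F DEBUG   : uid: 10087
04-12 10:15:01.102  4321  4321 F DEBUG   : signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7b2c4ff000
04-12 10:16:40.500  4400  4400 F DEBUG   : pid: 5555, tid: 5555, name: main  >>> com.example.notes <<<
04-12 10:16:40.501  4400  4400 F DEBUG   : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
04-12 10:17:02.000  1200  1300 I ActivityManager: Process com.huawei.camera (pid 7777) has died: fg TOP
""".splitlines()

if __name__ == "__main__":
    for hit in find_native_crashes(SAMPLE_LOGCAT):
        print(hit)
```

A plain process death without a crash dump (the last sample line) is not flagged, so correlate those separately with the network indicators.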
