CVE-2021-22350

7.5 HIGH

📋 TL;DR

This CVE describes a memory buffer operation vulnerability in Huawei smartphones that allows attackers to cause denial of service. When exploited, it can trigger device crashes and forced restarts. Affected users are those with vulnerable Huawei smartphone models running unpatched software.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific affected versions not detailed in provided references; check Huawei security bulletins for exact models.
Operating Systems: HarmonyOS, Android-based EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configurations of affected devices; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Persistent device crashes making the smartphone unusable, requiring factory reset or physical repair.

🟠 Likely Case

Temporary device crashes and restarts disrupting normal operation and potentially causing data loss in active applications.

🟢 If Mitigated

Minimal impact with proper patching; devices remain stable and functional.

🌐 Internet-Facing: MEDIUM - Attack could potentially be delivered via malicious apps or network vectors, but requires specific targeting.
🏢 Internal Only: LOW - Primarily affects individual devices rather than internal network infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious application installation; no evidence of widespread weaponization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security update for specific device model

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/5/

Restart Required: Yes

Instructions:

1. Go to Settings > System & updates > Software update.
2. Check for available updates.
3. Download and install security update.
4. Restart device when prompted.

🔧 Temporary Workarounds

Restrict app installations

Only install apps from trusted sources like official app stores to reduce attack surface.

Enable security features

Ensure device security features like app verification and unknown source blocking are enabled.

🧯 If You Can't Patch

  • Isolate device from untrusted networks and limit app installations to essential trusted applications only.
  • Monitor device for unusual crashes or restarts and consider replacing with updated device if persistent issues occur.

🔍 How to Verify

Check if Vulnerable:

Check device model and software version against Huawei's May 2021 security bulletin.

Check Version:

Settings > About phone > Software information

Verify Fix Applied:

Verify that the security patch level shown under Settings > About phone > Build number includes the May 2021 or later security updates.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device restarts
  • Kernel panic logs
  • Memory allocation failure messages

Network Indicators:

  • Unusual network activity preceding crashes, if the exploit is delivered over the network

SIEM Query:

Device logs showing repeated unexpected reboots or memory-related errors
