Login Sign Up

CVE-2021-22385

7.8 HIGH

📋 TL;DR

This vulnerability in Huawei smartphones allows local attackers to manipulate system settings externally, potentially leading to kernel code execution. It affects Huawei devices running HarmonyOS or EMUI. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific HarmonyOS and EMUI versions prior to June 2021 security updates
Operating Systems: HarmonyOS, EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei devices with vulnerable kernel components. Exact device models not specified in provided references.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level code execution, allowing complete device control, data theft, and persistence.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive data and system functions.

🟢

If Mitigated

Limited impact with proper access controls and patching, restricting local user privileges.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: HIGH - Local attackers with physical or remote shell access can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of vulnerable component. No public exploit code available in provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2021 security update or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/6/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update. 2. Install June 2021 or later security update. 3. Restart device after installation.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical access to devices and implement strict access controls for remote shell/ADB access.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict physical security controls and monitor for suspicious local activity

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Build number. If before June 2021, likely vulnerable.

Check Version:

Settings > About phone > Build number (GUI only, no CLI command provided)

Verify Fix Applied:

Verify security patch level shows June 2021 or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Unusual kernel module loading
  • Suspicious privilege escalation attempts
  • Unauthorized system configuration changes

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

Not applicable for typical mobile device management

📊 Metadata

CVE ID: CVE-2021-22385
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-668
Published: August 10, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22385, you might also want to check these:

CVE-2025-15114 9.8

This critical vulnerability in Ksenia Security Lares 4.0 Home Automation version 1.6 exposes the ala...

Same vulnerability type (CWE-668)
CVE-2021-27236 9.8

This vulnerability in Mutare Voice (EVM) allows unauthenticated attackers to include local files via...

Same vulnerability type (CWE-668)
CVE-2022-24074 9.8

CVE-2022-24074 is a critical vulnerability in Whale Browser's default Whale Bridge extension that al...

Same vulnerability type (CWE-668)