CVE-2021-22391 – This vulnerability in Huawei smartphones involv... (How to Fix)

Q: What is the severity of CVE-2021-22391?

CVE-2021-22391 has a CVSS score of 7.5 (HIGH). This vulnerability in Huawei smartphones involves an incorrect buffer size calculation that could allow attackers to trigger a system reset. It affects specific Huawei smartphone models running vulnerable software versions. Exploitation requires local access to the device.

📋 TL;DR

This vulnerability in Huawei smartphones involves an incorrect buffer size calculation that could allow attackers to trigger a system reset. It affects specific Huawei smartphone models running vulnerable software versions. Exploitation requires local access to the device.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific versions as listed in Huawei security bulletins (June 2021)

Operating Systems: HarmonyOS, Android-based EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: Exact affected models and versions detailed in Huawei's June 2021 security bulletins.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent denial of service through repeated system resets, potentially causing data loss or corruption.

🟠

Likely Case

Temporary denial of service through system reset when triggered by malicious local applications.

🟢

If Mitigated

No impact if device is patched or proper application sandboxing prevents exploitation.

🌐 Internet-Facing: LOW - Requires local access to device, not remotely exploitable.

🏢 Internal Only: MEDIUM - Malicious local applications could exploit this to cause system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local application execution with sufficient permissions to trigger the buffer calculation error.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security update versions released in June 2021

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/6/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update. 2. Install available security updates. 3. Restart device after installation.

🔧 Temporary Workarounds

Restrict application installations

all

Only install applications from trusted sources like Huawei AppGallery

Disable unknown sources

all

Prevent installation of applications from unknown sources

🧯 If You Can't Patch

Monitor device for unexpected resets or instability
Limit device usage to essential functions and avoid untrusted applications

🔍 How to Verify

Check if Vulnerable:

Check device version in Settings > About phone > Build number and compare against Huawei's June 2021 security bulletin

Check Version:

Settings > About phone > Build number

Verify Fix Applied:

Verify security patch level in Settings > About phone > Build number shows June 2021 or later security updates

📡 Detection & Monitoring

Log Indicators:

Unexpected system resets
Kernel panic or crash logs
Application permission violations

Network Indicators:

No network indicators - local vulnerability

SIEM Query:

Device logs showing repeated unexpected reboots or system crashes

📊 Metadata

CVE ID: CVE-2021-22391

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-131

Published: August 2, 2021

Last Updated: November 21, 2024

🔗 References

https://consumer.huawei.com/en/support/bulletin/2021/6/ Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2021/6/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22391, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Emui by Huawei

Emui by Huawei

Emui by Huawei

Emui by Huawei

Emui by Huawei

Emui by Huawei

Magic Ui by Huawei

Magic Ui by Huawei

Magic Ui by Huawei

Magic Ui by Huawei

Magic Ui by Huawei

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict application installations

Disable unknown sources

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities