Login Sign Up

CVE-2021-22394

9.1 CRITICAL
Denial of Service Buffer Overflow

📋 TL;DR

This CVE describes a buffer overflow vulnerability in Huawei smartphones that affects Multi-Screen Collaboration functionality. Successful exploitation could allow attackers to cause denial of service (DoS) to applications. The vulnerability affects specific Huawei smartphone models running HarmonyOS.

💻 Affected Systems

Products:
  • Huawei smartphones with Multi-Screen Collaboration feature
Versions: HarmonyOS versions before the August 2021 security update
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Multi-Screen Collaboration functionality between Huawei devices.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete DoS of affected applications, potentially disrupting device functionality and user productivity.

🟠

Likely Case

Application crashes and temporary service disruption during Multi-Screen Collaboration sessions.

🟢

If Mitigated

Minimal impact with proper patching and security controls in place.

🌐 Internet-Facing: MEDIUM - Requires proximity or network access to exploit Multi-Screen Collaboration features.
🏢 Internal Only: MEDIUM - Internal attackers with network access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the buffer overflow through Multi-Screen Collaboration interactions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2021 security update for HarmonyOS

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/7/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update. 2. Install the August 2021 security update. 3. Restart the device after installation.

🔧 Temporary Workarounds

Disable Multi-Screen Collaboration

all

Temporarily disable the vulnerable feature until patching is complete

🧯 If You Can't Patch

  • Disable Multi-Screen Collaboration feature in device settings
  • Implement network segmentation to isolate vulnerable devices

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in Settings > About phone > HarmonyOS version. If version is before August 2021 security update, device is vulnerable.

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify HarmonyOS version includes August 2021 security update in Settings > About phone > HarmonyOS version.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs related to Multi-Screen Collaboration
  • System logs showing buffer overflow errors

Network Indicators:

  • Unusual Multi-Screen Collaboration traffic patterns
  • Network connections attempting to trigger the vulnerability

SIEM Query:

Search for application crash events with process names related to Multi-Screen Collaboration or Huawei system services

📊 Metadata

CVE ID: CVE-2021-22394
CVSS v3 Score: 9.1 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-120
Published: February 25, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22394, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)