CVE-2021-22412 – This integer overflow vulnerability in Huawei s... (How to Fix)

Q: What is the severity of CVE-2021-22412?

CVE-2021-22412 has a CVSS score of 7.5 (HIGH). This integer overflow vulnerability in Huawei smartphones allows attackers to access random kernel memory addresses when exploited. It affects Huawei smartphone users running vulnerable software versions. Successful exploitation could lead to privilege escalation or system crashes.

📋 TL;DR

This integer overflow vulnerability in Huawei smartphones allows attackers to access random kernel memory addresses when exploited. It affects Huawei smartphone users running vulnerable software versions. Successful exploitation could lead to privilege escalation or system crashes.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific versions not detailed in provided references; check Huawei bulletins for exact affected versions.

Operating Systems: Android-based Huawei EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Huawei smartphones with specific vulnerable kernel components. Exact models and versions require checking Huawei security bulletins.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel privilege escalation leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crashes, system instability, or limited information disclosure from kernel memory.

🟢

If Mitigated

System remains stable with no unauthorized access if patched or with proper memory protections.

🌐 Internet-Facing: MEDIUM - Requires user interaction or malicious app installation, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local access or malicious app required, but could be combined with other attack vectors.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access or malicious app installation. Integer overflow vulnerabilities typically require specific conditions to trigger.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security update for June 2021 or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/6/

Restart Required: Yes

Instructions:

1. Check for security updates in phone settings. 2. Install June 2021 or later security patch. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable unknown app installations

android

Prevent installation of apps from unknown sources to reduce attack surface

Settings > Security > Install unknown apps > Disable for all apps

🧯 If You Can't Patch

Restrict device to trusted apps only from official app stores
Implement mobile device management with application whitelisting

🔍 How to Verify

Check if Vulnerable:

Check security patch level in Settings > About phone > Build number. If before June 2021, likely vulnerable.

Check Version:

Settings > About phone > Build number (no command line available on standard devices)

Verify Fix Applied:

Verify security patch level shows June 2021 or later in phone settings.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Unexpected memory access errors in system logs
Application crashes with memory-related errors

Network Indicators:

Not network exploitable - primarily local attack vector

SIEM Query:

Not applicable for typical mobile device environments

📊 Metadata

CVE ID: CVE-2021-22412

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-190

Published: August 2, 2021

Last Updated: November 21, 2024

🔗 References

https://consumer.huawei.com/en/support/bulletin/2021/6/ Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2021/6/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22412, you might also want to check these: