CVE-2021-22447

7.5 HIGH

📋 TL;DR

This vulnerability in Huawei smartphones allows attackers to trigger a system reset by exploiting improper exception handling. It affects Huawei smartphone users who haven't applied security updates. The flaw could be used to cause denial of service through forced device reboots.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific versions are not detailed in the provided references; versions prior to the June 2021 security update are affected
Operating Systems: Android-based Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Huawei smartphones running affected EMUI versions are vulnerable in their default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Persistent denial of service through repeated forced resets, potentially causing data loss or corruption during critical operations.

🟠 Likely Case

Temporary denial of service through device reboot, disrupting user activities and potentially causing minor data loss.

🟢 If Mitigated

No impact if patched; unpatched devices remain vulnerable to forced resets.

🌐 Internet-Facing: MEDIUM - Requires user interaction or malicious app installation, not directly exploitable over internet without user action.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or local attackers with physical access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious app installation; no public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2021 security update or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/6/

Restart Required: Yes

Instructions:

1. Go to Settings > System & updates > Software update.
2. Check for updates.
3. Install June 2021 security update or later.
4. Restart device when prompted.

🔧 Temporary Workarounds

Disable unknown sources

all

Prevent installation of malicious apps that could exploit this vulnerability

Settings > Security > Install unknown apps > Disable for all apps

Restrict app permissions

all

Limit system-level permissions for untrusted applications

Settings > Apps > [App Name] > Permissions > Revoke unnecessary permissions

🧯 If You Can't Patch

  • Isolate device from untrusted networks and users
  • Implement mobile device management with strict app whitelisting

🔍 How to Verify

Check if Vulnerable:

Check if device has June 2021 security update: Settings > About phone > Build number

Check Version:

Not applicable for mobile devices; use Settings menu as described

Verify Fix Applied:

Verify June 2021 or later security patch is installed: Settings > About phone > Android security patch level

📡 Detection & Monitoring

Log Indicators:

  • Unexpected system reboots
  • Crash logs showing exception handling failures

Network Indicators:

  • No direct network indicators for this local vulnerability

SIEM Query:

Not applicable for typical mobile device management scenarios
