CVE-2021-22474 – This is a critical out-of-bounds memory access ... (How to Fix)

Q: What is the severity of CVE-2021-22474?

CVE-2021-22474 has a CVSS score of 9.8 (CRITICAL). This is a critical out-of-bounds memory access vulnerability in Huawei smartphones that allows attackers to cause process exceptions or potentially execute arbitrary code. It affects Huawei smartphone users running vulnerable software versions. The high CVSS score indicates this is a severe remote code execution risk.

📋 TL;DR

This is a critical out-of-bounds memory access vulnerability in Huawei smartphones that allows attackers to cause process exceptions or potentially execute arbitrary code. It affects Huawei smartphone users running vulnerable software versions. The high CVSS score indicates this is a severe remote code execution risk.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific versions not detailed in provided references; check Huawei security bulletins for exact affected versions.

Operating Systems: HarmonyOS, Android-based Huawei EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected Huawei smartphone models with vulnerable software versions are at risk.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crashes, denial of service, or limited code execution within the affected process context.

🟢

If Mitigated

Process termination with minimal system impact if proper memory protections and exploit mitigations are enabled.

🌐 Internet-Facing: HIGH - Smartphones frequently connect to untrusted networks and download content from various sources.

🏢 Internal Only: MEDIUM - Still vulnerable to malicious apps or compromised internal network traffic.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Out-of-bounds memory access vulnerabilities typically require some level of exploit development but can be weaponized once understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security update for July 2021 or later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/7/

Restart Required: Yes

Instructions:

1. Go to Settings > System & updates > Software update. 2. Check for updates. 3. Install any available security updates. 4. Restart device when prompted.

🔧 Temporary Workarounds

Disable untrusted app installations

all

Prevent installation of apps from unknown sources to reduce attack surface.

Settings > Security > Install unknown apps > Disable for all apps

Use app sandboxing

all

Ensure all apps run with minimal permissions and in isolated environments.

Settings > Apps > [App Name] > Permissions > Review and restrict permissions

🧯 If You Can't Patch

Isolate device on network segments with limited access to critical systems
Implement mobile device management (MDM) with strict app whitelisting policies

🔍 How to Verify

Check if Vulnerable:

Check Settings > About phone > Build number against Huawei's July 2021 security bulletin affected versions list.

Check Version:

Settings > About phone > Build number

Verify Fix Applied:

Verify security patch level includes July 2021 or later in Settings > About phone > Build number.

📡 Detection & Monitoring

Log Indicators:

Process crash logs for affected Huawei system services
Memory access violation logs in system diagnostics

Network Indicators:

Unusual network connections from system processes
Suspicious payload delivery to device

SIEM Query:

device_vendor:Huawei AND (process_crash OR memory_violation) AND severity:high

📊 Metadata

CVE ID: CVE-2021-22474

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: October 28, 2021

Last Updated: November 21, 2024

🔗 References

https://consumer.huawei.com/en/support/bulletin/2021/7/ Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2021/7/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-22474, you might also want to check these: