CVE-2021-36989

9.8 CRITICAL

📋 TL;DR

A kernel crash vulnerability in Huawei smartphones running vulnerable HarmonyOS versions allows an attacker with local access to the device to escalate privileges.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: HarmonyOS 2.0 versions before 2.0.0.216
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei smartphones running vulnerable HarmonyOS versions. Requires local access to device.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with kernel-level privileges, allowing installation of persistent malware, data theft, and bypassing all security controls.

🟠 Likely Case

Local privilege escalation allowing attackers to gain root access and install malicious applications or modify system files.

🟢 If Mitigated

Limited impact if devices are patched, physical access is restricted, and devices run with minimal privileges.

🌐 Internet-Facing: LOW - Requires local access to device, not remotely exploitable over network.
🏢 Internal Only: HIGH - Physical access to device or malicious app installation could lead to privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and some technical knowledge to trigger the kernel crash that leads to privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS 2.0.0.216 and later

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/7/

Restart Required: Yes

Instructions:

1. Check the current HarmonyOS version in Settings > System & updates > Software update.
2. If the version is before 2.0.0.216, download and install the latest update.
3. Restart the device after installation completes.

🔧 Temporary Workarounds

Restrict physical access (applies to: all)

Limit physical access to devices to prevent local exploitation.

Disable developer options (applies to: all)

Ensure developer options and USB debugging are disabled to reduce the attack surface.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict physical security controls and device usage policies

🔍 How to Verify

Check if Vulnerable:

Check the HarmonyOS version in Settings > System & updates > Software update. If the version is earlier than 2.0.0.216, the device is vulnerable.

Check Version:

Settings > System & updates > Software update (no CLI command available)

Verify Fix Applied:

Verify that the HarmonyOS version is 2.0.0.216 or later in Settings > System & updates > Software update.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected system reboots
  • Privilege escalation attempts in system logs

Network Indicators:

  • Unusual network activity from device after local access

SIEM Query:

Device logs showing kernel crashes or privilege escalation on HarmonyOS devices
