CVE-2021-36993

7.5 HIGH

📋 TL;DR

This CVE describes a memory leak vulnerability in Huawei smartphones that could allow attackers to gradually consume system memory resources. Successful exploitation could lead to service degradation or denial of service conditions affecting device availability. The vulnerability affects Huawei smartphone users running vulnerable software versions.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific affected versions not detailed in provided references; likely multiple EMUI versions prior to July 2021 patches
Operating Systems: Android with Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in Huawei's software layer; exact affected models not specified in provided references

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device unresponsiveness or crash requiring reboot, potentially disrupting critical phone functions including emergency calls.

🟠 Likely Case

Gradual performance degradation, app crashes, and reduced battery life due to memory exhaustion over time.

🟢 If Mitigated

Minor performance impact that may go unnoticed by users, with automatic memory management eventually recovering resources.

🌐 Internet-Facing: LOW - This is primarily a local device vulnerability requiring local access or malicious app installation.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or through physical access to devices in enterprise environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious app installation; no public exploit details available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2021 security updates

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/7/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update.
2. Download and install July 2021 security update.
3. Restart device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary apps and services

all

Reduce attack surface by disabling unused applications and background services

Regular device restarts

all

Periodic reboots can clear accumulated memory leaks before they cause significant impact

🧯 If You Can't Patch

  • Implement strict app installation policies and only install from trusted sources
  • Monitor device performance and restart when showing signs of memory exhaustion

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Build number; if before July 2021, likely vulnerable

Check Version:

No command line available; check via device Settings interface

Verify Fix Applied:

Verify security patch level shows July 2021 or later in Settings > About phone

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory consumption patterns in system logs
  • Frequent OutOfMemory errors in application logs

Network Indicators:

  • No network indicators for this local vulnerability

SIEM Query:

Not applicable for mobile device memory leak vulnerability
