CVE-2021-37024 – This vulnerability in Huawei smartphones allows... (How to Fix)

Q: What is the severity of CVE-2021-37024?

CVE-2021-37024 has a CVSS score of 7.5 (HIGH). This vulnerability in Huawei smartphones allows attackers to cause kernel crashes through improper input validation. It affects Huawei devices running HarmonyOS. Successful exploitation leads to denial of service.

📋 TL;DR

This vulnerability in Huawei smartphones allows attackers to cause kernel crashes through improper input validation. It affects Huawei devices running HarmonyOS. Successful exploitation leads to denial of service.

💻 Affected Systems

Products:

Huawei smartphones

Versions: HarmonyOS versions before the August 2021 security patch

Operating Systems: HarmonyOS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Huawei devices running vulnerable HarmonyOS versions. Exact device models not specified in available references.

📦 What is this software?

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent denial of service rendering device unusable until reboot, potentially allowing privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

Temporary device crash requiring reboot, disrupting device functionality and user experience.

🟢

If Mitigated

No impact if patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: LOW - Requires local access or malicious app installation, not directly exploitable over internet.

🏢 Internal Only: MEDIUM - Malicious apps or compromised internal systems could exploit this to disrupt device functionality.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access or malicious app installation. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2021 security patch or later

Vendor Advisory: https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965

Restart Required: Yes

Instructions:

1. Check for system updates in device settings. 2. Install the August 2021 security patch or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Restrict app installations

all

Only install apps from trusted sources like official app stores to reduce risk of malicious apps exploiting this vulnerability.

🧯 If You Can't Patch

Isolate affected devices from untrusted networks and users
Implement application allowlisting to prevent installation of untrusted apps

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in Settings > About phone. If version is before August 2021 security patch, device is vulnerable.

Check Version:

Not applicable - check via device settings UI

Verify Fix Applied:

Verify HarmonyOS version shows August 2021 security patch or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Unexpected device reboots
Crash reports in system logs

Network Indicators:

No network indicators - local exploitation only

SIEM Query:

Not applicable - local kernel vulnerability

📊 Metadata

CVE ID: CVE-2021-37024

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

Published: November 23, 2021

Last Updated: November 21, 2024

🔗 References

https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965 Vendor Advisory
https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-37024, you might also want to check these: