CVE-2021-37037 – This vulnerability in Huawei smartphones involv... (How to Fix)

Q: What is the severity of CVE-2021-37037?

CVE-2021-37037 has a CVSS score of 7.5 (HIGH). This vulnerability in Huawei smartphones involves invalid address access that can be exploited to cause device restarts. It affects Huawei devices running HarmonyOS or EMUI. Successful exploitation disrupts device availability through denial of service.

📋 TL;DR

This vulnerability in Huawei smartphones involves invalid address access that can be exploited to cause device restarts. It affects Huawei devices running HarmonyOS or EMUI. Successful exploitation disrupts device availability through denial of service.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific versions not detailed in references; affected versions listed in September 2021 security bulletins

Operating Systems: HarmonyOS, EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected Huawei smartphone models are vulnerable before patching.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent device restarts leading to complete denial of service, potentially requiring factory reset or physical intervention.

🟠

Likely Case

Temporary device restart causing service disruption and potential data loss from unsaved work.

🟢

If Mitigated

No impact if patched; unpatched devices remain vulnerable to restart attacks.

🌐 Internet-Facing: LOW - Requires local access or malicious app installation, not directly exploitable over internet.

🏢 Internal Only: MEDIUM - Malicious apps or local attackers could exploit to disrupt device functionality.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation likely requires malicious app installation or local access; no public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: September 2021 security updates

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/9/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update. 2. Install September 2021 security update. 3. Restart device after installation.

🔧 Temporary Workarounds

Restrict app installations

all

Only install apps from trusted sources like official app stores

Disable unknown sources

all

Prevent installation of apps from unknown sources in device settings

🧯 If You Can't Patch

Isolate affected devices from critical networks and functions
Implement strict app installation policies and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check if device has September 2021 security update installed via Settings > System & updates > Software update

Check Version:

Settings > About phone > Build number

Verify Fix Applied:

Confirm September 2021 security update is installed and device build number matches patched version

📡 Detection & Monitoring

Log Indicators:

Unexpected device restarts
Crash logs mentioning memory access violations

Network Indicators:

None - local exploitation only

SIEM Query:

Device logs showing repeated unexpected restarts or crash reports

📊 Metadata

CVE ID: CVE-2021-37037

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: December 8, 2021

Last Updated: November 21, 2024

🔗 References

https://consumer.huawei.com/en/support/bulletin/2021/9/ Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727 Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2021/9/ Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON