CVE-2021-37041

9.1 CRITICAL

📋 TL;DR

CVE-2021-37041 is an out-of-bounds read vulnerability in Huawei smartphones caused by improper input verification. This allows attackers to read memory beyond allocated buffers, potentially exposing sensitive information. Affected users are Huawei smartphone owners running vulnerable software versions.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Multiple EMUI versions prior to specific security patches
Operating Systems: Android with Huawei EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Specific affected models and exact version ranges detailed in Huawei security bulletins


⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure leading to exposure of sensitive data such as authentication tokens, passwords, or personal information from device memory.

🟠 Likely Case

Application crash or denial of service, with potential limited information leakage depending on memory layout.

🟢 If Mitigated

Minimal impact with proper memory protections and ASLR, though some information leakage may still occur.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or malicious app installation; no known widespread exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: September 2021 and October 2021 security patches

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/9/

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System & updates > Software update.
2. Install available security updates.
3. Restart the device after the update completes.

🔧 Temporary Workarounds

Disable unknown sources (all)

Prevent installation of apps from untrusted sources

Settings > Security > Install unknown apps > Disable for all apps

App verification (all)

Enable Google Play Protect and app scanning

Settings > Security > Google Play Protect > Scan device for security threats

🧯 If You Can't Patch

  • Restrict physical access to device
  • Use app whitelisting and only install trusted applications from official stores

🔍 How to Verify

Check if Vulnerable:

Compare the build number shown in Settings > About phone > Build number against the affected versions listed in the Huawei security bulletins

Check Version:

Settings > About phone > Build number

Verify Fix Applied:

Verify that the September 2021 or later security patch is installed in Settings > About phone

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected process terminations

Network Indicators:

  • Unusual outbound data transfers from device

SIEM Query:

Process termination events with exit code indicating memory access violation
