CVE-2021-37076

7.5 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Huawei smartphones running HarmonyOS 2.0. Successful exploitation could crash the affected component (denial of service) or return bytes from adjacent memory, leaking sensitive information. Only devices on HarmonyOS 2.0 builds before 2.0.0.230 are affected; the fix is the vendor update to 2.0.0.230 or later.

💻 Affected Systems

Products:
  • Huawei smartphones running HarmonyOS
Versions: HarmonyOS 2.0 versions before 2.0.0.230
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei smartphones running vulnerable HarmonyOS versions. Specific device models not specified in available references.

📦 What is this software?

HarmonyOS is Huawei's own operating system for its smartphones and other devices. The affected component is not named in the available references; the advisory only identifies the affected product as Huawei smartphones on HarmonyOS 2.0 builds before 2.0.0.230.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could cause device crashes, denial of service, or potentially read sensitive information from adjacent memory, leading to information disclosure.

🟠

Likely Case

Most probable impact is application crashes or device instability, potentially leading to denial of service conditions.

🟢

If Mitigated

Updating to HarmonyOS 2.0.0.230 or later removes the defect. Until then, restricting which apps and inputs can reach the device lowers the chance the bug is triggered, and network segmentation limits what a compromised device can reach, but neither controls the underlying out-of-bounds read; an unpatched device remains exploitable by anything that can deliver input to the vulnerable component.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

An out-of-bounds read is triggered by feeding malformed input to the vulnerable component, which on a smartphone usually means a malicious or compromised app, or crafted content handled by the affected service; the available references do not name the attack vector. No public exploit code was found in those references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS 2.0.0.230 and later

Vendor Advisory: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Restart Required: Yes

Instructions:

1. Check the current HarmonyOS version in device settings.
2. Navigate to System Update in settings.
3. Download and install the available update.
4. Restart the device after the update completes.

🔧 Temporary Workarounds

Network segmentation (platform: all)

Segment Huawei devices from critical networks and limit their network access to reduce the attack surface.

Application restrictions (platform: all)

Limit installation of untrusted applications and restrict application permissions.

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and internet access
  • Implement strict application control policies and monitor for unusual device behavior

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in device settings: Settings > System & updates > Software update > Current version

Check Version:

Not applicable - check through device settings interface

Verify Fix Applied:

Verify HarmonyOS version is 2.0.0.230 or later in device settings
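The version check above is easy to get wrong at fleet scale: HarmonyOS build numbers compared as plain strings put "2.0.0.95" after "2.0.0.230", which would mark a vulnerable phone as patched. The following is an added example (not code from the page or from Huawei) that parses version strings exported from an MDM inventory and applies the advisory's rule (HarmonyOS 2.0 builds before 2.0.0.230 are affected). The inventory rows and the "2.0.0.230(C00E230R1P1)"-style suffix format are assumptions; adjust the regex to your export.

```python
import re
from typing import List, Tuple

# Fixed build named in the vendor advisory: HarmonyOS 2.0.0.230 and later.
FIXED_VERSION = "2.0.0.230"

# Assumed export format: "2.0.0.168" or "2.0.0.168(C00E168R1P1)".
# Only the leading dotted-numeric part is compared.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '2.0.0.230(C00E230R1P1)' into (2, 0, 0, 230).

    Numeric tuples are essential: as strings, '2.0.0.95' > '2.0.0.230',
    so a lexicographic compare would call a vulnerable build patched."""
    m = _VERSION_RE.match(s)
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(version: str) -> bool:
    """True for HarmonyOS 2.0 builds older than the fixed build.

    Versions outside the 2.0 line are not named in the advisory and are
    reported as not affected by this rule; review them separately."""
    v = parse_version(version)
    fixed = parse_version(FIXED_VERSION)
    n = max(len(v), len(fixed))
    v = v + (0,) * (n - len(v))          # pad so (2,0,0) compares as (2,0,0,0)
    fixed = fixed + (0,) * (n - len(fixed))
    if v[:2] != fixed[:2]:               # only the 2.0 line is in scope
        return False
    return v < fixed


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the device IDs that still need the 2.0.0.230 update."""
    return [dev for dev, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory (hypothetical device IDs and builds).
SAMPLE_INVENTORY = [
    ("phone-001", "2.0.0.168(C00E168R1P1)"),  # vulnerable
    ("phone-002", "2.0.0.230(C00E230R1P1)"),  # fixed build
    ("phone-003", "2.0.0.95"),                # vulnerable; string compare would miss it
    ("phone-004", "2.0.1.12"),                # later than the fix
    ("phone-005", "3.0.0.50"),                # outside the advisory's 2.0 scope
]

if __name__ == "__main__":
    for dev in triage(SAMPLE_INVENTORY):
        print(f"{dev}: update required (CVE-2021-37076)")
```

Run it against your own export by replacing SAMPLE_INVENTORY with (device, version) pairs; anything it lists is still on a pre-2.0.0.230 build of the 2.0 line.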

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes
  • Memory access violation logs
  • System instability events

Network Indicators:

  • Unusual network traffic patterns from affected devices
  • Connection attempts to suspicious endpoints

SIEM Query:

Not applicable - device-specific logs would need to be integrated into SIEM
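The log indicators above (repeated crashes, memory access violations, instability) only become actionable once they are aggregated per device over a time window; a single app crash is noise, a burst of native crashes on one phone is worth a look. The following is an added example (not code from the page or from Huawei) that runs that aggregation over constructed telemetry lines: it counts crash-type events per device inside a sliding one-hour window and flags devices that hit a threshold. The line format, event names, device IDs and threshold are all assumptions; map them onto whatever your MDM or device-telemetry export actually emits.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

# Assumed (hypothetical) export format, one event per line:
#   <ISO-8601 UTC ts> device=<id> event=<name> [signal=<sig>] [proc=<name>]
_LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) device=(?P<dev>\S+) "
    r"event=(?P<event>\S+)(?: signal=(?P<sig>\S+))?(?: proc=(?P<proc>\S+))?"
)

# Assumed event names that correspond to the page's indicators
# (application crashes, memory access violations, instability).
CRASH_EVENTS = {"native_crash", "app_crash", "system_restart"}
WINDOW = timedelta(hours=1)
THRESHOLD = 3   # crashes within WINDOW on one device before it is flagged


def parse_line(line: str) -> Optional[dict]:
    """Parse one telemetry line; return None for lines in another format."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_crash_bursts(lines: Iterable[str],
                      window: timedelta = WINDOW,
                      threshold: int = THRESHOLD) -> Dict[str, int]:
    """Return {device: peak crash count in any `window`} for devices at or
    above `threshold`. Lines that do not parse are skipped, not raised."""
    per_dev: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["event"] in CRASH_EVENTS:
            per_dev[rec["dev"]].append(rec["ts"])

    flagged: Dict[str, int] = {}
    for dev, times in per_dev.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[dev] = peak
    return flagged


# Constructed sample log (hypothetical devices, processes and times).
SAMPLE_LOG = """\
2021-09-15T09:58:00Z device=phone-001 event=app_crash proc=com.example.mail
2021-09-15T10:00:00Z device=phone-003 event=native_crash signal=SIGSEGV proc=system_server
2021-09-15T10:05:30Z device=phone-003 event=native_crash signal=SIGSEGV proc=system_server
2021-09-15T10:07:00Z device=phone-002 event=native_crash signal=SIGSEGV proc=mediaserver
2021-09-15T10:12:45Z device=phone-003 event=system_restart
2021-09-15T10:20:00Z device=phone-003 event=native_crash signal=SIGBUS proc=system_server
2021-09-15T10:21:00Z device=phone-003 event=screen_on
2021-09-15T12:30:00Z device=phone-002 event=app_crash proc=com.example.browser
2021-09-15T15:10:00Z device=phone-002 event=native_crash signal=SIGSEGV proc=mediaserver
this line is not in the expected format
"""

if __name__ == "__main__":
    for dev, n in find_crash_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{dev}: {n} crash events within {WINDOW}; check build and triage")
```

In the sample, phone-003 produces four crash-type events in twenty minutes and is flagged, while phone-002's three crashes are spread across five hours and are not. Pair the flagged list with the version check so that a burst on a pre-2.0.0.230 device is prioritised over the same burst on a patched one; the crash burst alone does not prove this CVE was triggered.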

🔗 References

  • Huawei security bulletin (September 2021): https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727