CVE-2021-37083

7.5 HIGH

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in Huawei smartphones running HarmonyOS. An attacker who triggers the dereference crashes the affected component, causing a denial of service; only an availability impact is described here. Users of Huawei smartphones without the September 2021 security update are at risk of service disruption.

💻 Affected Systems

Products:
  • Huawei Smartphones
Versions: HarmonyOS versions prior to the September 2021 security update
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Specific device models not detailed in public advisory; all HarmonyOS devices before September 2021 patches are potentially affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring reboot, potentially leading to temporary loss of device functionality and service availability.

🟠

Likely Case

Application or system component crash causing temporary service disruption until system recovers or reboots.

🟢

If Mitigated

Minimal impact with proper patching and system hardening in place.

🌐 Internet-Facing: MEDIUM - Requires specific conditions to exploit remotely, but could be leveraged in targeted attacks.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with device access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific conditions to trigger the NULL pointer dereference; no public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: September 2021 HarmonyOS security update

Vendor Advisory: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Restart Required: Yes

Instructions:

1. Check for system updates in the device Settings.
2. Install the September 2021 HarmonyOS security update.
3. Reboot the device after installation.

🔧 Temporary Workarounds

No known workarounds

No configuration changes or workarounds available; patching is required.

🧯 If You Can't Patch

  • Restrict device usage to trusted applications only
  • Monitor device for unusual crashes or performance issues

🔍 How to Verify

Check if Vulnerable:

Check the HarmonyOS version and security patch level in Settings > About phone > HarmonyOS version. If the patch level predates the September 2021 security update, treat the device as vulnerable.

Check Version:

No command-line option; check via device Settings interface

Verify Fix Applied:

Confirm that the HarmonyOS version / security patch level shown in Settings includes the September 2021 security update. The absence of unexplained crashes is not evidence of the fix on its own, since the dereference is only hit when the specific triggering condition occurs.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application or system-service crashes (including a system process that repeatedly restarts)
  • Kernel panic or oops logs, e.g. "Unable to handle kernel NULL pointer dereference at virtual address ..."
  • Native crash records in system logs showing SIGSEGV with a fault address at or near 0
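The log indicators above can be checked mechanically. The following Python script is an added example, not code from this page or from Huawei: it scans a handful of constructed log lines in the generic Android/HarmonyOS logcat tombstone format ("signal 11 (SIGSEGV) ... fault addr 0x...") and the Linux kernel oops format ("Unable to handle kernel NULL pointer dereference ..."), neither of which is specific to this CVE, and reports only faults that land in the first page of memory. The process and package names, the timestamps, and the 0x1000 null-page threshold are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample log lines (not taken from a real device). The tombstone
# lines follow the generic Android/HarmonyOS logcat format and the oops line
# follows the Linux kernel format; "hypo_svc" and its package are hypothetical.
SAMPLE_LOGS = [
    "10-02 14:21:07.113  1234  1234 F DEBUG   : pid: 4711, tid: 4711, name: hypo_svc  >>> com.example.hypo_svc <<<",
    "10-02 14:21:07.120  1234  1234 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0",
    "[ 8123.557291] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008",
    "10-02 14:21:09.004  1234  1234 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x7f3a1c0000",
    "10-02 14:21:10.000   800   800 I ActivityManager: Start proc 4820:com.example.app/u0a12",
]

# Assumption: a fault address inside the first page (below 0x1000) is treated
# as a NULL-pointer dereference. Real NULL derefs often fault at NULL plus a
# small struct-field offset rather than at exactly 0, so "== 0" would miss them.
NULL_PAGE_LIMIT = 0x1000

# Userspace crash: the tombstone "signal 11 (SIGSEGV) ... fault addr 0x..." line.
SEGV_RE = re.compile(r"signal 11 \(SIGSEGV\).*?fault addr (0x[0-9a-fA-F]+)")
# Kernel oops: emitted by the Linux page-fault handler on a NULL-page access.
KERNEL_NULL_RE = re.compile(
    r"Unable to handle kernel NULL pointer dereference at virtual address ([0-9a-fA-F]+)"
)


@dataclass(frozen=True)
class Finding:
    kind: str        # "native_null_deref" or "kernel_null_deref"
    fault_addr: int  # faulting virtual address
    line: str        # the raw log line that matched


def classify_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line looks like a NULL-page dereference, else None."""
    m = KERNEL_NULL_RE.search(line)
    if m:
        return Finding("kernel_null_deref", int(m.group(1), 16), line)
    m = SEGV_RE.search(line)
    if m:
        addr = int(m.group(1), 16)
        if addr < NULL_PAGE_LIMIT:
            return Finding("native_null_deref", addr, line)
    # A SIGSEGV at a high address is a different bug class (use-after-free,
    # overflow, ...) and is deliberately not reported here.
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Scan a stream of log lines and collect NULL-dereference findings."""
    return [f for f in (classify_line(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"{f.kind}: fault_addr=0x{f.fault_addr:x}\n    {f.line}")
```

Feed it saved logcat or kernel output one line at a time. A match is evidence that some NULL dereference occurred on the device, not proof that this particular CVE was triggered; SIGSEGVs at high addresses are skipped on purpose because they point at a different bug class.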

Network Indicators:

  • No network indicators are documented for this vulnerability; detection relies on device-side crash logs

SIEM Query:

No specific SIEM query available for this device-specific vulnerability

🔗 References

  • Huawei HarmonyOS security bulletin, September 2021: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727