CVE-2021-37111

7.5 HIGH

📋 TL;DR

CVE-2021-37111 is a memory leak vulnerability affecting certain Huawei smartphones running HarmonyOS. Successful exploitation could lead to memory exhaustion, potentially causing device instability or crashes. This affects users of specific Huawei smartphone models with vulnerable HarmonyOS versions.

💻 Affected Systems

Products:
  • Huawei smartphones with HarmonyOS
Versions: Specific HarmonyOS versions as detailed in Huawei security bulletins (October 2021)
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Exact affected models and versions are specified in Huawei's security bulletins. Users should check their specific device against the vendor advisories.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device instability leading to denial of service, potential data loss, or the device becoming unresponsive and requiring a reboot.

🟠 Likely Case: Gradual performance degradation, app crashes, or system instability requiring a device restart.

🟢 If Mitigated: Minimal impact with proper memory management and timely patching.

🌐 Internet-Facing: LOW - This is primarily a local device vulnerability and is not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Could be exploited through malicious apps or local access to cause device disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious application installation. No public exploit code was widely reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS security updates from October 2021 onward

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/10/

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings > System & updates > Software update.
2. Install available security updates.
3. Restart the device after the update completes.

🔧 Temporary Workarounds

Limit app installations (scope: all)

Only install apps from trusted sources like Huawei AppGallery to reduce the risk of malicious apps exploiting the vulnerability.

Regular device restarts (scope: all)

Periodically restart the device to clear memory and mitigate potential memory exhaustion.

🧯 If You Can't Patch

  • Monitor device performance and restart if experiencing memory-related issues
  • Avoid installing untrusted applications and limit background processes

🔍 How to Verify

Check if Vulnerable:

Check the device's HarmonyOS version in Settings > About phone > HarmonyOS version and compare it with the affected versions listed in Huawei's security bulletins.

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify the HarmonyOS version after the update and ensure it is newer than the affected versions listed in the October 2021 security bulletins.

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory consumption patterns
  • Frequent app crashes
  • System stability warnings

Network Indicators:

  • No direct network indicators as this is a local vulnerability

SIEM Query:

Not applicable for a typical SIEM deployment, as this is an endpoint/device vulnerability.
