Login Sign Up

CVE-2021-39987

7.5 HIGH
Denial of Service

📋 TL;DR

CVE-2021-39987 is a data processing error vulnerability in the HwNearbyMain module of HarmonyOS devices. Successful exploitation can cause process restarts, potentially disrupting device functionality. This affects Huawei/Honor devices running vulnerable versions of HarmonyOS.

💻 Affected Systems

Products:
  • Huawei/Honor devices with HarmonyOS
Versions: HarmonyOS versions prior to the November 2021 security update
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the HwNearbyMain module enabled (typically enabled by default for nearby services functionality).

📦 What is this software?

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Denial of service through repeated process crashes, potentially affecting device stability and availability of nearby services functionality.

🟠

Likely Case

Temporary service disruption causing the affected process to restart, with possible impact on nearby device discovery and connectivity features.

🟢

If Mitigated

Minimal impact with proper patching; process restart may cause brief service interruption but no persistent damage.

🌐 Internet-Facing: LOW - This appears to be a local vulnerability requiring access to the device.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with device access to cause service disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious app installation. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS November 2021 security update and later

Vendor Advisory: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202111-0000001217889667

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings > System & updates > Software update. 2. Install the November 2021 or later security update. 3. Restart device after installation completes.

🔧 Temporary Workarounds

Disable Nearby Services

all

Temporarily disable the HwNearbyMain module functionality to prevent exploitation

Settings > More connections > Nearby sharing > Turn off

🧯 If You Can't Patch

  • Restrict installation of untrusted applications to reduce attack surface
  • Implement network segmentation to limit lateral movement if device is compromised

🔍 How to Verify

Check if Vulnerable:

Check HarmonyOS version in Settings > About phone > HarmonyOS version. If version is prior to November 2021 security update, device is vulnerable.

Check Version:

Settings > About phone > HarmonyOS version

Verify Fix Applied:

Verify HarmonyOS version is November 2021 security update or later in Settings > About phone > HarmonyOS version.

📡 Detection & Monitoring

Log Indicators:

  • Repeated crashes/restarts of HwNearbyMain process
  • Abnormal termination logs for nearby services

Network Indicators:

  • Unusual nearby device discovery attempts
  • Abnormal Bluetooth/Wi-Fi Direct activity patterns

SIEM Query:

Process termination events for HwNearbyMain with abnormal exit codes

📊 Metadata

CVE ID: CVE-2021-39987
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-843
Published: January 3, 2022
Last Updated: May 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-39987, you might also want to check these:

CVE-2025-47151 9.8

A type confusion vulnerability in Entr'ouvert Lasso's SAML parsing allows remote code execution when...

Same vulnerability type (CWE-843)
CVE-2025-65570 9.8

A type confusion vulnerability in jsish 2.0 allows incorrect control flow during execution of the OP...

Same vulnerability type (CWE-843)
CVE-2020-25575 9.8

This vulnerability in the Rust failure crate (versions through 0.1.5) involves a type confusion flaw...

Same vulnerability type (CWE-843)