CVE-2021-46894

9.8 CRITICAL

📋 TL;DR

This CVE describes a Use After Free vulnerability in the Linux kernel's uinput module that allows local attackers to escalate privileges to kernel level. It affects Huawei devices running HarmonyOS and potentially other Linux-based systems. Successful exploitation gives attackers full system control.

💻 Affected Systems

Products:
  • Huawei devices with HarmonyOS
  • Linux systems with vulnerable uinput module
Versions: HarmonyOS versions prior to security updates in July 2023
Operating Systems: HarmonyOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system. The uinput module must be loaded or accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with kernel-level privileges, allowing attackers to install persistent malware, access all data, and bypass all security controls.

🟠 Likely Case

Local privilege escalation from a low-privileged user to root/kernel level, enabling lateral movement and persistence establishment.

🟢 If Mitigated

Limited impact if proper access controls restrict local user accounts and kernel hardening measures are implemented.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of kernel exploitation techniques. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: HarmonyOS security updates from July 2023 onward

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2023/7/

Restart Required: Yes

Instructions:

1. Check for available system updates on Huawei devices.
2. Apply the July 2023 security update or later.
3. Reboot the device to load the patched kernel.

🔧 Temporary Workarounds

Disable uinput module

linux

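Prevent loading of the vulnerable uinput kernel module. This only helps where uinput is built as a loadable module; rmmod fails if the module is in use or compiled into the kernel.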

echo 'install uinput /bin/false' >> /etc/modprobe.d/disable-uinput.conf
rmmod uinput

Restrict module loading

linux

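Prevent unauthorized kernel module loading. Once kernel.modules_disabled is set to 1, no further modules can be loaded and the setting cannot be reverted without a reboot, so load every module the system needs first.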

echo 'kernel.modules_disabled=1' >> /etc/sysctl.conf
sysctl -p

🧯 If You Can't Patch

  • Restrict local user access and implement strict privilege separation
  • Implement kernel hardening measures like SELinux/AppArmor with strict policies

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether the uinput module is loaded: lsmod | grep uinput

Check Version:

uname -r (for kernel) or check system update history

Verify Fix Applied:

Verify the security update date is July 2023 or later and uinput module version is patched
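
The script below is an added example, not part of the vendor advisory: it reports whether the two temporary workarounds above are actually in effect. The function names and status strings are hypothetical, the sample files are constructed, and it assumes uinput is built as a loadable module.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether the uinput
# workarounds are in effect. Assumes uinput is built as a loadable module.

# Succeeds if module $1 is listed in a /proc/modules-format file $2.
module_loaded() {
    awk -v m="$1" '$1 == m { f = 1 } END { exit !f }' \
        "${2:-/proc/modules}" 2>/dev/null
}

# Prints "blocked" if directory $2 holds an "install <mod> /bin/false"
# override, "blacklist-only" if only a blacklist line exists (which stops
# automatic loading but not an explicit modprobe), else "none".
modprobe_state() {
    cat "${2:-/etc/modprobe.d}"/*.conf 2>/dev/null | awk -v m="$1" '
        /^[ \t]*#/ { next }
        $1 == "install" && $2 == m && $3 ~ "/(false|true)$" { s = "blocked" }
        $1 == "blacklist" && $2 == m && s == "" { s = "blacklist-only" }
        END { print (s == "" ? "none" : s) }'
}

# Succeeds if the kernel.modules_disabled value in file $1 is 1.
modules_locked() {
    [ "$(cat "${1:-/proc/sys/kernel/modules_disabled}" 2>/dev/null)" = "1" ]
}

# Summarises exposure; arguments override the three live paths (for testing).
uinput_exposure() {
    if module_loaded uinput "$1"; then echo "loaded"; return 0; fi
    if modules_locked "$3"; then echo "not-loaded,locked"; return 0; fi
    case "$(modprobe_state uinput "$2")" in
        blocked) echo "not-loaded,blocked" ;;
        *)       echo "not-loaded,loadable" ;;
    esac
}

# Constructed sample state: uinput loaded, blacklist present but no override.
demo=$(mktemp -d)
printf 'uinput 20480 0 - Live 0x0000000000000000\n' > "$demo/modules"
printf '# constructed\nblacklist uinput\n' > "$demo/a.conf"
printf '0\n' > "$demo/locked"
uinput_exposure "$demo/modules" "$demo" "$demo/locked"   # prints: loaded
modprobe_state uinput "$demo"                            # prints: blacklist-only
```

Calling uinput_exposure with no arguments checks the live system paths instead of the sample files.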

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic or oops messages
  • Unauthorized privilege escalation attempts in audit logs
  • Suspicious module loading

Network Indicators:

  • None - this is a local exploit

SIEM Query:

source="kernel" AND ("uinput" OR "general protection fault" OR "use after free")
