Details of VAR-202108-2197

ID

VAR-202108-2197

CVE

CVE-2021-22386

TITLE

plural Huawei Double release vulnerability in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2021-009784

DESCRIPTION

A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges. plural Huawei Smartphone products contain vulnerabilities related to double release.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2021-22386 // JVNDB: JVNDB-2021-009784 // VULHUB: VHN-380821 // VULMON: CVE-2021-22386

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-009784 // NVD: CVE-2021-22386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22386
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22386
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202108-979
value:	HIGH
Trust: 0.6
VULHUB:	VHN-380821
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-22386
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22386
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380821
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22386
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22386
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380821 // VULMON: CVE-2021-22386 // JVNDB: JVNDB-2021-009784 // CNNVD: CNNVD-202108-979 // NVD: CVE-2021-22386

PROBLEMTYPE DATA

problemtype:	CWE-415	Trust: 1.1
problemtype:	Double release (CWE-415) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380821 // JVNDB: JVNDB-2021-009784 // NVD: CVE-2021-22386

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-979

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202108-979

PATCH

title:	CVE-2021-22386	url:	https://consumer.huawei.com/en/support/bulletin/2021/6/	Trust: 0.8
title:	Huawei smartphone Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159371	Trust: 0.6

sources: JVNDB: JVNDB-2021-009784 // CNNVD: CNNVD-202108-979

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22386	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-009784	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-979	Trust: 0.6
db:	VULHUB	id:	VHN-380821	Trust: 0.1
db:	VULMON	id:	CVE-2021-22386	Trust: 0.1

sources: VULHUB: VHN-380821 // VULMON: CVE-2021-22386 // JVNDB: JVNDB-2021-009784 // CNNVD: CNNVD-202108-979 // NVD: CVE-2021-22386

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/6/	Trust: 1.8
url:	https://device.harmonyos.com/cn/docs/security/update/oem_security_update_phone_202106-0000001165452077	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22386	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202107-0000001170634565	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/415.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380821 // VULMON: CVE-2021-22386 // JVNDB: JVNDB-2021-009784 // CNNVD: CNNVD-202108-979 // NVD: CVE-2021-22386

SOURCES

db:	VULHUB	id:	VHN-380821
db:	VULMON	id:	CVE-2021-22386
db:	JVNDB	id:	JVNDB-2021-009784
db:	CNNVD	id:	CNNVD-202108-979
db:	NVD	id:	CVE-2021-22386

LAST UPDATE DATE

2024-08-14T15:01:20.515000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380821	date:	2021-12-09T00:00:00
db:	VULMON	id:	CVE-2021-22386	date:	2021-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-009784	date:	2022-05-23T08:41:00
db:	CNNVD	id:	CNNVD-202108-979	date:	2022-03-08T00:00:00
db:	NVD	id:	CVE-2021-22386	date:	2021-12-09T17:55:10.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380821	date:	2021-08-10T00:00:00
db:	VULMON	id:	CVE-2021-22386	date:	2021-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-009784	date:	2022-05-23T00:00:00
db:	CNNVD	id:	CNNVD-202108-979	date:	2021-08-10T00:00:00
db:	NVD	id:	CVE-2021-22386	date:	2021-08-10T14:15:07.213