Sign-up

ID

VAR-202108-2284


CVE

CVE-2021-22441


TITLE

HarmonyOS  Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-018625

DESCRIPTION

Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash. HarmonyOS Exists in an integer overflow vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-22441 // JVNDB: JVNDB-2021-018625 // VULHUB: VHN-380876

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-018625 // NVD: CVE-2021-22441

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22441
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-22441
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202108-2830
value: MEDIUM

Trust: 0.6

VULHUB: VHN-380876
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22441
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380876
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22441
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22441
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380876 // JVNDB: JVNDB-2021-018625 // CNNVD: CNNVD-202108-2830 // NVD: CVE-2021-22441

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-380876 // JVNDB: JVNDB-2021-018625 // NVD: CVE-2021-22441

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2830

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202108-2830

PATCH

title:security-bulletins-202108-0000001180965965url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202108-0000001180965965

Trust: 0.8

title:Huawei HarmonyOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172038

Trust: 0.6

sources: JVNDB: JVNDB-2021-018625 // CNNVD: CNNVD-202108-2830

EXTERNAL IDS

db:NVDid:CVE-2021-22441

Trust: 3.3

db:JVNDBid:JVNDB-2021-018625

Trust: 0.8

db:CNNVDid:CNNVD-202108-2830

Trust: 0.6

db:VULHUBid:VHN-380876

Trust: 0.1

sources: VULHUB: VHN-380876 // JVNDB: JVNDB-2021-018625 // CNNVD: CNNVD-202108-2830 // NVD: CVE-2021-22441

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202108-0000001180965965

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22441

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-22441/

Trust: 0.6

sources: VULHUB: VHN-380876 // JVNDB: JVNDB-2021-018625 // CNNVD: CNNVD-202108-2830 // NVD: CVE-2021-22441

SOURCES

db:VULHUBid:VHN-380876
db:JVNDBid:JVNDB-2021-018625
db:CNNVDid:CNNVD-202108-2830
db:NVDid:CVE-2021-22441

LAST UPDATE DATE

2024-08-14T15:22:10.522000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380876date:2022-03-07T00:00:00
db:JVNDBid:JVNDB-2021-018625date:2023-07-04T02:07:00
db:CNNVDid:CNNVD-202108-2830date:2022-03-11T00:00:00
db:NVDid:CVE-2021-22441date:2022-03-07T18:59:28.417

SOURCES RELEASE DATE

db:VULHUBid:VHN-380876date:2022-02-25T00:00:00
db:JVNDBid:JVNDB-2021-018625date:2023-07-04T00:00:00
db:CNNVDid:CNNVD-202108-2830date:2021-08-05T00:00:00
db:NVDid:CVE-2021-22441date:2022-02-25T19:15:10.617