Sign-up

ID

VAR-202110-1482


CVE

CVE-2021-36994


TITLE

Huawei  Race Condition Vulnerability in Smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014264

DESCRIPTION

There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist. Huawei Smartphones contain a race condition vulnerability.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2021-36994 // JVNDB: JVNDB-2021-014264 // VULHUB: VHN-398827

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014264 // NVD: CVE-2021-36994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36994
value: LOW

Trust: 1.0

NVD: CVE-2021-36994
value: LOW

Trust: 0.8

CNNVD: CNNVD-202110-2093
value: LOW

Trust: 0.6

VULHUB: VHN-398827
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36994
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398827
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36994
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-36994
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398827 // JVNDB: JVNDB-2021-014264 // CNNVD: CNNVD-202110-2093 // NVD: CVE-2021-36994

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.1

problemtype:Race condition (CWE-362) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398827 // JVNDB: JVNDB-2021-014264 // NVD: CVE-2021-36994

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2093

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-2093

PATCH

title:CVE-2021-36994url:https://consumer.huawei.com/en/support/bulletin/2021/7/

Trust: 0.8

title:Huawei Smartphone Repair measures for the competition condition problem loopholeurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168230

Trust: 0.6

sources: JVNDB: JVNDB-2021-014264 // CNNVD: CNNVD-202110-2093

EXTERNAL IDS

db:NVDid:CVE-2021-36994

Trust: 3.3

db:JVNDBid:JVNDB-2021-014264

Trust: 0.8

db:CNNVDid:CNNVD-202110-2093

Trust: 0.6

db:VULHUBid:VHN-398827

Trust: 0.1

sources: VULHUB: VHN-398827 // JVNDB: JVNDB-2021-014264 // CNNVD: CNNVD-202110-2093 // NVD: CVE-2021-36994

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/7/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-36994

Trust: 1.4

sources: VULHUB: VHN-398827 // JVNDB: JVNDB-2021-014264 // CNNVD: CNNVD-202110-2093 // NVD: CVE-2021-36994

SOURCES

db:VULHUBid:VHN-398827
db:JVNDBid:JVNDB-2021-014264
db:CNNVDid:CNNVD-202110-2093
db:NVDid:CVE-2021-36994

LAST UPDATE DATE

2024-08-14T14:03:01.737000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398827date:2021-11-01T00:00:00
db:JVNDBid:JVNDB-2021-014264date:2022-10-11T08:52:00
db:CNNVDid:CNNVD-202110-2093date:2021-11-05T00:00:00
db:NVDid:CVE-2021-36994date:2021-11-01T23:07:39.173

SOURCES RELEASE DATE

db:VULHUBid:VHN-398827date:2021-10-28T00:00:00
db:JVNDBid:JVNDB-2021-014264date:2022-10-11T00:00:00
db:CNNVDid:CNNVD-202110-2093date:2021-10-28T00:00:00
db:NVDid:CVE-2021-36994date:2021-10-28T13:15:10.740