Details of VAR-202110-1488

ID

VAR-202110-1488

CVE

CVE-2021-36987

TITLE

Huawei Race Condition Vulnerability in Smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014307

DESCRIPTION

There is a issue that nodes in the linked list being freed for multiple times in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause the system to restart. Huawei Smartphones contain a race condition vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-36987 // JVNDB: JVNDB-2021-014307 // VULHUB: VHN-398819

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014307 // NVD: CVE-2021-36987

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36987
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-36987
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202110-2086
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-398819
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-36987
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398819
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36987
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36987
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398819 // JVNDB: JVNDB-2021-014307 // CNNVD: CNNVD-202110-2086 // NVD: CVE-2021-36987

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.1
problemtype:	Race condition (CWE-362) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398819 // JVNDB: JVNDB-2021-014307 // NVD: CVE-2021-36987

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2086

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-2086

PATCH

title:	CVE-2021-36987	url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 0.8
title:	Huawei HarmonyOS Repair measures for the competition condition problem loophole	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171602	Trust: 0.6

sources: JVNDB: JVNDB-2021-014307 // CNNVD: CNNVD-202110-2086

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36987	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014307	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2086	Trust: 0.6
db:	VULHUB	id:	VHN-398819	Trust: 0.1

sources: VULHUB: VHN-398819 // JVNDB: JVNDB-2021-014307 // CNNVD: CNNVD-202110-2086 // NVD: CVE-2021-36987

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36987	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965	Trust: 0.6

sources: VULHUB: VHN-398819 // JVNDB: JVNDB-2021-014307 // CNNVD: CNNVD-202110-2086 // NVD: CVE-2021-36987

SOURCES

db:	VULHUB	id:	VHN-398819
db:	JVNDB	id:	JVNDB-2021-014307
db:	CNNVD	id:	CNNVD-202110-2086
db:	NVD	id:	CVE-2021-36987

LAST UPDATE DATE

2024-08-14T15:22:04.330000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398819	date:	2021-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-014307	date:	2022-10-12T08:22:00
db:	CNNVD	id:	CNNVD-202110-2086	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-36987	date:	2021-11-01T23:14:51.270

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398819	date:	2021-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-014307	date:	2022-10-12T00:00:00
db:	CNNVD	id:	CNNVD-202110-2086	date:	2021-10-28T00:00:00
db:	NVD	id:	CVE-2021-36987	date:	2021-10-28T13:15:10.443