ID

VAR-202112-0343


CVE

CVE-2021-37092


TITLE

plural  Huawei  Incomplete Cleanup Vulnerability in Smartphone Products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015866

DESCRIPTION

There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. plural Huawei An incomplete cleanup vulnerability exists in smartphone products.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. HUAWEI HarmonyOS has a resource management error vulnerability. This vulnerability is caused by a resource not closing or releasing vulnerability in a certain component of HarmonyOS. No detailed vulnerability details were provided at this time

Trust: 1.71

sources: NVD: CVE-2021-37092 // JVNDB: JVNDB-2021-015866 // VULHUB: VHN-398928

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:10.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:9.1.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015866 // NVD: CVE-2021-37092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37092
value: HIGH

Trust: 1.0

NVD: CVE-2021-37092
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202109-2038
value: HIGH

Trust: 0.6

VULHUB: VHN-398928
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37092
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398928
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37092
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37092
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398928 // JVNDB: JVNDB-2021-015866 // CNNVD: CNNVD-202109-2038 // NVD: CVE-2021-37092

PROBLEMTYPE DATA

problemtype:CWE-459

Trust: 1.1

problemtype:incomplete cleanup (CWE-459) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398928 // JVNDB: JVNDB-2021-015866 // NVD: CVE-2021-37092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2038

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202109-2038

PATCH

title:Memory leakage vulnerability in some HUAWEI devicesurl:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title:Huawei HarmonyOS Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173795

Trust: 0.6

sources: JVNDB: JVNDB-2021-015866 // CNNVD: CNNVD-202109-2038

EXTERNAL IDS

db:NVDid:CVE-2021-37092

Trust: 3.3

db:JVNDBid:JVNDB-2021-015866

Trust: 0.8

db:CNNVDid:CNNVD-202109-2038

Trust: 0.6

db:CNVDid:CNVD-2022-08328

Trust: 0.1

db:VULHUBid:VHN-398928

Trust: 0.1

sources: VULHUB: VHN-398928 // JVNDB: JVNDB-2021-015866 // CNNVD: CNNVD-202109-2038 // NVD: CVE-2021-37092

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/10/

Trust: 1.7

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37092

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398928 // JVNDB: JVNDB-2021-015866 // CNNVD: CNNVD-202109-2038 // NVD: CVE-2021-37092

SOURCES

db:VULHUBid:VHN-398928
db:JVNDBid:JVNDB-2021-015866
db:CNNVDid:CNNVD-202109-2038
db:NVDid:CVE-2021-37092

LAST UPDATE DATE

2024-08-14T14:11:10.103000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398928date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015866date:2022-12-01T03:15:00
db:CNNVDid:CNNVD-202109-2038date:2021-12-10T00:00:00
db:NVDid:CVE-2021-37092date:2021-12-09T17:59:00.210

SOURCES RELEASE DATE

db:VULHUBid:VHN-398928date:2021-12-08T00:00:00
db:JVNDBid:JVNDB-2021-015866date:2022-12-01T00:00:00
db:CNNVDid:CNNVD-202109-2038date:2021-09-05T00:00:00
db:NVDid:CVE-2021-37092date:2021-12-08T15:15:09.920