ID

VAR-202201-1016


CVE

CVE-2021-39993


TITLE

EMUI  and  Magic UI  Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003115

DESCRIPTION

There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. EMUI and Magic UI Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Huawei Smartphone is a smartphone from the Chinese company Huawei

Trust: 2.25

sources: NVD: CVE-2021-39993 // JVNDB: JVNDB-2022-003115 // CNVD: CNVD-2022-08047 // VULHUB: VHN-401394

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-08047

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.6

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.6

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2022-08047 // JVNDB: JVNDB-2022-003115 // NVD: CVE-2021-39993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-39993
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-39993
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-08047
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202201-568
value: CRITICAL

Trust: 0.6

VULHUB: VHN-401394
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-39993
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-08047
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-401394
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-39993
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-39993
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-08047 // VULHUB: VHN-401394 // JVNDB: JVNDB-2022-003115 // CNNVD: CNNVD-202201-568 // NVD: CVE-2021-39993

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-401394 // JVNDB: JVNDB-2022-003115 // NVD: CVE-2021-39993

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-568

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202201-568

PATCH

title:HUAWEI EMUI/Magic UI security updates December 2021url:https://consumer.huawei.com/en/support/bulletin/2021/12/

Trust: 0.8

title:Patch for Huawei Smartphone Buffer Overflow Vulnerability (CNVD-2022-08047)url:https://www.cnvd.org.cn/patchInfo/show/316841

Trust: 0.6

title:Huawei Smartphone Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178044

Trust: 0.6

sources: CNVD: CNVD-2022-08047 // JVNDB: JVNDB-2022-003115 // CNNVD: CNNVD-202201-568

EXTERNAL IDS

db:NVDid:CVE-2021-39993

Trust: 3.9

db:JVNDBid:JVNDB-2022-003115

Trust: 0.8

db:CNVDid:CNVD-2022-08047

Trust: 0.7

db:CNNVDid:CNNVD-202201-568

Trust: 0.6

db:VULHUBid:VHN-401394

Trust: 0.1

sources: CNVD: CNVD-2022-08047 // VULHUB: VHN-401394 // JVNDB: JVNDB-2022-003115 // CNNVD: CNNVD-202201-568 // NVD: CVE-2021-39993

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-39993

Trust: 2.0

url:https://consumer.huawei.com/en/support/bulletin/2021/12/

Trust: 1.7

sources: CNVD: CNVD-2022-08047 // VULHUB: VHN-401394 // JVNDB: JVNDB-2022-003115 // CNNVD: CNNVD-202201-568 // NVD: CVE-2021-39993

SOURCES

db:CNVDid:CNVD-2022-08047
db:VULHUBid:VHN-401394
db:JVNDBid:JVNDB-2022-003115
db:CNNVDid:CNNVD-202201-568
db:NVDid:CVE-2021-39993

LAST UPDATE DATE

2024-08-14T13:53:41.044000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-08047date:2022-02-01T00:00:00
db:VULHUBid:VHN-401394date:2022-01-14T00:00:00
db:JVNDBid:JVNDB-2022-003115date:2023-02-08T07:00:00
db:CNNVDid:CNNVD-202201-568date:2022-02-09T00:00:00
db:NVDid:CVE-2021-39993date:2022-01-14T16:44:08.930

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-08047date:2022-01-30T00:00:00
db:VULHUBid:VHN-401394date:2022-01-10T00:00:00
db:JVNDBid:JVNDB-2022-003115date:2023-02-08T00:00:00
db:CNNVDid:CNNVD-202201-568date:2022-01-10T00:00:00
db:NVDid:CVE-2021-39993date:2022-01-10T14:10:20.773