Sign-up

ID

VAR-202201-1042


CVE

CVE-2021-40037


TITLE

plural  Huawei  Product type mix-up vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-002909

DESCRIPTION

There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. Huawei HarmonyOS , EMUI , Magic UI contains a type confusion vulnerability.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS has a security vulnerability

Trust: 1.71

sources: NVD: CVE-2021-40037 // JVNDB: JVNDB-2022-002909 // VULHUB: VHN-401438

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:11.0.1

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-002909 // NVD: CVE-2021-40037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40037
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-40037
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202201-279
value: MEDIUM

Trust: 0.6

VULHUB: VHN-401438
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-40037
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-401438
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40037
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-40037
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-401438 // JVNDB: JVNDB-2022-002909 // CNNVD: CNNVD-202201-279 // NVD: CVE-2021-40037

PROBLEMTYPE DATA

problemtype:CWE-843

Trust: 1.1

problemtype:Mistake of type (CWE-843) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-401438 // JVNDB: JVNDB-2022-002909 // NVD: CVE-2021-40037

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-279

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-279

PATCH

title:security-bulletins-202201-0000001238736331 Huawei Support Bulletinurl:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331

Trust: 0.8

title:Huawei HarmonyOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177445

Trust: 0.6

sources: JVNDB: JVNDB-2022-002909 // CNNVD: CNNVD-202201-279

EXTERNAL IDS

db:NVDid:CVE-2021-40037

Trust: 3.3

db:JVNDBid:JVNDB-2022-002909

Trust: 0.8

db:CNNVDid:CNNVD-202201-279

Trust: 0.7

db:CNVDid:CNVD-2022-04994

Trust: 0.1

db:VULHUBid:VHN-401438

Trust: 0.1

sources: VULHUB: VHN-401438 // JVNDB: JVNDB-2022-002909 // CNNVD: CNNVD-202201-279 // NVD: CVE-2021-40037

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/1/

Trust: 1.7

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-40037

Trust: 1.4

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202201-0000001238736331

Trust: 0.6

sources: VULHUB: VHN-401438 // JVNDB: JVNDB-2022-002909 // CNNVD: CNNVD-202201-279 // NVD: CVE-2021-40037

SOURCES

db:VULHUBid:VHN-401438
db:JVNDBid:JVNDB-2022-002909
db:CNNVDid:CNNVD-202201-279
db:NVDid:CVE-2021-40037

LAST UPDATE DATE

2024-08-14T15:16:56.631000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-401438date:2022-01-13T00:00:00
db:JVNDBid:JVNDB-2022-002909date:2023-01-27T02:20:00
db:CNNVDid:CNNVD-202201-279date:2022-01-14T00:00:00
db:NVDid:CVE-2021-40037date:2022-01-13T15:33:36.160

SOURCES RELEASE DATE

db:VULHUBid:VHN-401438date:2022-01-10T00:00:00
db:JVNDBid:JVNDB-2022-002909date:2023-01-27T00:00:00
db:CNNVDid:CNNVD-202201-279date:2022-01-05T00:00:00
db:NVDid:CVE-2021-40037date:2022-01-10T14:10:22.520