Sign-up

ID

VAR-202201-1716


CVE

CVE-2021-40039


TITLE

plural  Huawei  In the product  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-002911

DESCRIPTION

There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. A resource management error vulnerability exists in Huawei HarmonyOS due to repeated calls to freed pointers by the product's camera component

Trust: 1.71

sources: NVD: CVE-2021-40039 // JVNDB: JVNDB-2022-002911 // VULHUB: VHN-401440

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-002911 // NVD: CVE-2021-40039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40039
value: HIGH

Trust: 1.0

NVD: CVE-2021-40039
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202201-294
value: HIGH

Trust: 0.6

VULHUB: VHN-401440
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-40039
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-401440
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40039
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-40039
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-401440 // JVNDB: JVNDB-2022-002911 // CNNVD: CNNVD-202201-294 // NVD: CVE-2021-40039

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

problemtype:NULL Pointer dereference (CWE-476) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-401440 // JVNDB: JVNDB-2022-002911 // NVD: CVE-2021-40039

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-294

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202201-294

PATCH

title:security-bulletins-202201-0000001238736331 Huawei Support Bulletinurl:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331

Trust: 0.8

title:Huawei HarmonyOS Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177450

Trust: 0.6

sources: JVNDB: JVNDB-2022-002911 // CNNVD: CNNVD-202201-294

EXTERNAL IDS

db:NVDid:CVE-2021-40039

Trust: 3.3

db:JVNDBid:JVNDB-2022-002911

Trust: 0.8

db:CNNVDid:CNNVD-202201-294

Trust: 0.7

db:CNVDid:CNVD-2022-04996

Trust: 0.1

db:VULHUBid:VHN-401440

Trust: 0.1

sources: VULHUB: VHN-401440 // JVNDB: JVNDB-2022-002911 // CNNVD: CNNVD-202201-294 // NVD: CVE-2021-40039

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/1/

Trust: 1.7

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-40039

Trust: 1.4

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202201-0000001238736331

Trust: 0.6

sources: VULHUB: VHN-401440 // JVNDB: JVNDB-2022-002911 // CNNVD: CNNVD-202201-294 // NVD: CVE-2021-40039

SOURCES

db:VULHUBid:VHN-401440
db:JVNDBid:JVNDB-2022-002911
db:CNNVDid:CNNVD-202201-294
db:NVDid:CVE-2021-40039

LAST UPDATE DATE

2024-08-14T15:16:52.557000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-401440date:2022-01-13T00:00:00
db:JVNDBid:JVNDB-2022-002911date:2023-01-27T02:20:00
db:CNNVDid:CNNVD-202201-294date:2022-01-14T00:00:00
db:NVDid:CVE-2021-40039date:2022-01-13T15:37:04.397

SOURCES RELEASE DATE

db:VULHUBid:VHN-401440date:2022-01-10T00:00:00
db:JVNDBid:JVNDB-2022-002911date:2023-01-27T00:00:00
db:CNNVDid:CNNVD-202201-294date:2022-01-05T00:00:00
db:NVDid:CVE-2021-40039date:2022-01-10T14:10:22.937