Details of VAR-202209-0453

ID

VAR-202209-0453

CVE

CVE-2021-40017

TITLE

Huawei of EMUI and HarmonyOS Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-020317

DESCRIPTION

The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. Huawei of EMUI and HarmonyOS There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a buffer overflow vulnerability in HarmonyOS 2.0

Trust: 1.8

sources: NVD: CVE-2021-40017 // JVNDB: JVNDB-2021-020317 // VULHUB: VHN-401418 // VULMON: CVE-2021-40017

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-020317 // NVD: CVE-2021-40017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-40017
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-40017
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202209-168
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2021-40017
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-40017
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-020317 // CNNVD: CNNVD-202209-168 // NVD: CVE-2021-40017

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-401418 // JVNDB: JVNDB-2021-020317 // NVD: CVE-2021-40017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-168

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202209-168

PATCH

title:

Huawei HarmonyOS Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=208408

Trust: 0.6

sources: CNNVD: CNNVD-202209-168

EXTERNAL IDS

db:	NVD	id:	CVE-2021-40017	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-020317	Trust: 0.8
db:	CNNVD	id:	CNNVD-202209-168	Trust: 0.6
db:	CNVD	id:	CNVD-2022-64981	Trust: 0.1
db:	VULHUB	id:	VHN-401418	Trust: 0.1
db:	VULMON	id:	CVE-2021-40017	Trust: 0.1

sources: VULHUB: VHN-401418 // VULMON: CVE-2021-40017 // JVNDB: JVNDB-2021-020317 // CNNVD: CNNVD-202209-168 // NVD: CVE-2021-40017

REFERENCES

url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845	Trust: 2.6
url:	https://consumer.huawei.com/en/support/bulletin/2022/10/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40017	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-40017/	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202209-0000001392078921	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-401418 // VULMON: CVE-2021-40017 // JVNDB: JVNDB-2021-020317 // CNNVD: CNNVD-202209-168 // NVD: CVE-2021-40017

SOURCES

db:	VULHUB	id:	VHN-401418
db:	VULMON	id:	CVE-2021-40017
db:	JVNDB	id:	JVNDB-2021-020317
db:	CNNVD	id:	CNNVD-202209-168
db:	NVD	id:	CVE-2021-40017

LAST UPDATE DATE

2024-08-14T14:43:43.509000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-401418	date:	2022-11-10T00:00:00
db:	VULMON	id:	CVE-2021-40017	date:	2022-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-020317	date:	2023-10-11T08:55:00
db:	CNNVD	id:	CNNVD-202209-168	date:	2022-10-17T00:00:00
db:	NVD	id:	CVE-2021-40017	date:	2023-08-08T14:21:49.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-401418	date:	2022-09-16T00:00:00
db:	VULMON	id:	CVE-2021-40017	date:	2022-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-020317	date:	2023-10-11T00:00:00
db:	CNNVD	id:	CNNVD-202209-168	date:	2022-09-05T00:00:00
db:	NVD	id:	CVE-2021-40017	date:	2022-09-16T18:15:11.457