CVE-2021-22385Resource Exposure in Huawei Emui

CWE-668Resource ExposureCWE-863Incorrect Authorization3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 94.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Magic UI
Timeline
PublishedAug 10
Latest updateMay 24

Description

A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/emui10.1.0, 10.1.1, 11.0.0+2
NVDhuawei/magic_ui3.1.0, 3.1.1, 4.0.0+2

🔴Vulnerability Details

2
GHSA
GHSA-9j2g-v2pj-p54f: A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability2022-05-24
CVEList
CVE-2021-22385: A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability2021-08-10
CVE-2021-22385 — Resource Exposure in Huawei Emui | cvebase