CVE-2021-22437Integer Overflow or Wraparound in Huawei Emui

CWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 94.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Magic UI
Timeline
PublishedFeb 25
Latest updateFeb 26

Description

There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

CVEListV5huawei/emui10.1.0, 10.1.1+1
NVDhuawei/emui10.1.0, 10.1.1+1
CVEListV5huawei/magic_ui3.1.0, 3.1.1+1
NVDhuawei/magic_ui3.1.0, 3.1.1+1

🔴Vulnerability Details

2
GHSA
GHSA-rmqv-xpvq-7fm9: There is a software integer overflow leading to a TOCTOU condition in smartphones2022-02-26
CVEList
CVE-2021-22437: There is a software integer overflow leading to a TOCTOU condition in smartphones2022-02-25
CVE-2021-22437 — Integer Overflow or Wraparound | cvebase