CVE-2021-22327

There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include:HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11),10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5),10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
huaweiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
huaweip30_firmware
10.0.0.186\(c10e7r5p1\)
huaweip30_firmware
10.0.0.186\(c461e4r3p1\)
huaweip30_firmware
10.0.0.188\(c00e85r2p11\)
huaweip30_firmware
10.0.0.188\(c01e88r2p11\)
huaweip30_firmware
10.0.0.188\(c605e19r1p3\)
huaweip30_firmware
10.0.0.190\(c185e4r7p1\)
huaweip30_firmware
10.0.0.190\(c431e22r2p5\)
huaweip30_firmware
10.0.0.190\(c432e22r2p5\)
huaweip30_firmware
10.0.0.190\(c605e19r1p3\)
huaweip30_firmware
10.0.0.190\(c636e4r3p4\)
huaweip30_firmware
10.0.0.192\(c635e3r2p4\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210331-01-smartphone-en