CVE-2021-22364

Vulnerability

A denial of service vulnerability exists in HUAWEI Mate 30 (version 10.1.0.126(C00E125R5P3)) and HUAWEI Mate 30 (5G) (version 10.1.0.152(C00E136R7P2)). The flaw resides in an unspecified module that does not validate certain input parameters sufficiently, leading to exceptions [1]. The affected firmware versions are explicitly listed in the vendor advisory [1].

Exploitation

An attacker can exploit this vulnerability without authentication, likely over the network, by sending crafted input to the vulnerable module. The exact attack vector is not detailed, but the advisory indicates that successful exploitation requires no unusual privileges. The steps involve triggering the insufficiently verified parameters to cause the module to enter an exceptional state [1].

Impact

Successful exploitation results in a denial of service condition, potentially causing the device to crash or become unresponsive. The impact is limited to temporary unavailability of the device; no data compromise or privilege escalation is indicated [1].

Mitigation

Huawei has released software updates to resolve the vulnerability. For HUAWEI Mate 30, the fix is included in firmware version 11.0.0.175(C00E175R7P11). For HUAWEI Mate 30 (5G), the same version 11.0.0.175(C00E175R7P11) addresses the issue. Users should update their devices to the latest firmware as provided by Huawei [1].