CVE-2021-22381

Vulnerability

An input verification vulnerability exists in Huawei Smartphone software. Successful exploitation can cause an infinite loop, leading to a denial of service (DoS). The precise affected versions are not detailed in the available references, but Huawei's June 2021 security bulletin lists patches for various models and EMUI versions (e.g., EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0) for other CVEs, suggesting the fix for CVE-2021-22381 is included in that update [1].

Exploitation

The attacker requires the ability to send crafted input to the targeted device. No authentication or special privileges are explicitly required by the sources. The vulnerable component fails to properly verify input, and when a specially crafted input is processed, the system enters an infinite loop [1].

Impact

Successful exploitation causes the device to enter an infinite loop, resulting in a denial-of-service (DoS) condition. The device becomes unresponsive, impacting availability. No confidentiality or integrity impact is mentioned in the provided description [1].

Mitigation

Huawei released a fix as part of its June 2021 security update. Users should apply the latest security patch for their device through the standard update mechanism. No workaround is detailed in the references [1].