Data Storage Vulnerability in HarmonyOS Devices by Huawei
CVE-2021-40040

7.5HIGH

Key Information:

Vendor: Huawei
Status: Harmonyos;emui;magic Ui
Vendor: CVE Published:; 10 August 2022

What is CVE-2021-40040?

A vulnerability in the HW_KEYMASTER module allows unauthorized data writing to arbitrary memory addresses in HarmonyOS devices. This exposure could lead to significant risks regarding data confidentiality. Exploit scenarios may result in sensitive information being compromised, thus posing a threat to user privacy and security.

Affected Version(s)

HarmonyOS;EMUI;Magic UI HarmonyOS 2.0

HarmonyOS;EMUI;Magic UI EMUI 11.0.0,EMUI 10.1.1,EMUI 10.1.0,EMUI 10.0.0

HarmonyOS;EMUI;Magic UI Magic UI 4.0.0,Magic UI 3.1.1,Magic UI 3.1.0,Magic UI 3.0.0

References

https://consumer.huawei.com/en/support/bulletin/2022/8/

x_refsource_MISC

https://device.harmonyos.com/en/docs/security/update/secu...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Aug 23, 2021