CVE-2021-36994: Race Condition
First published: Thu Oct 28 2021(Updated: )
There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMUI 5.0 | =10.1.1 | |
| EMUI 5.0 | =11.0.0 | |
| Magic UI | =3.1.1 | |
| Magic UI | =4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-36994?
CVE-2021-36994 is classified as a medium severity vulnerability due to the potential for exceptions when managing the system trustlist.
How do I fix CVE-2021-36994?
To fix CVE-2021-36994, update your Huawei device to the latest firmware version provided by Huawei.
What devices are affected by CVE-2021-36994?
CVE-2021-36994 affects Huawei smartphones running EMUI 10.1.1, EMUI 11.0.0, Magic UI 3.1.1, and Magic UI 4.0.0.
What causes the issue in CVE-2021-36994?
The issue in CVE-2021-36994 is caused by race conditions leading to repeated insertion of trustlist strings into a linked list.
What are the consequences of exploiting CVE-2021-36994?
Exploiting CVE-2021-36994 can lead to system exceptions which may affect the stability and functionality of affected Huawei devices.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/emui 5.0
- version/emui 5.0/10.1.1
- version/emui 5.0/11.0.0
- canonical/magic ui
- version/magic ui/3.1.1
- version/magic ui/4.0.0