First published: Tue Aug 09 2022(Updated: )
Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei EMUI | =10.0.0 | |
Huawei EMUI | =10.1.0 | |
Huawei EMUI | =10.1.1 | |
Huawei EMUI | =11.0.0 | |
Huawei HarmonyOS | =2.0 | |
Huawei Magic UI | =3.0.0 | |
Huawei Magic UI | =3.1.0 | |
Huawei Magic UI | =3.1.1 | |
Huawei Magic UI | =4.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-40040 is classified as high due to its potential impact on data confidentiality.
To fix CVE-2021-40040, you should apply the latest security updates provided by Huawei for the affected software versions.
CVE-2021-40040 affects Huawei EMUI versions 10.0.0, 10.1.0, 10.1.1, 11.0.0, and Magic UI versions 3.0.0, 3.1.0, 3.1.1, 4.0.0, as well as HarmonyOS version 2.0.
Exploiting CVE-2021-40040 may allow unauthorized writing of data to arbitrary addresses, leading to a breach of confidentiality.
Users of affected Huawei devices running the specified versions of EMUI, HarmonyOS, and Magic UI are at risk from CVE-2021-40040.