Security Vulnerabilities in October 2022
published October 11,2022
updated October 11,2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-1001
CVE-2022-42488
Startup subsystem missed permission validation in param service.
Local attackers can install an malicious application on the device to elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.
8.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
startup_init_lite
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1104>
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1074>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1002
CVE-2022-42464
Kernel memory pool override in /dev/mmz_userdev device driver
If the processes with system UID run on the device, local attackers would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot.
6.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hi3516dv300
3.0.x<https://gitee.com/openharmony/device_board_hisilicon/pulls/135>
3.1.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1003
CVE-2022-41686
Out-of-bound memory read and write in /dev/mmz_userdev device driver.
If the processes with system user UID run on the device, local attackers would be able to write out-of-bound memory which could lead to unspecified memory corruption.
5.1
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hispark_taurus
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/287>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1004
CVE-2022-42463
Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function.
Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.
8.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
communication_dsoftbus
3.1.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2348>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-27405
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/32>
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/31>
1.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/30>
CVE-2022-2959
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2991
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2938
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/430>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/434>
CVE-2022-2586
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/427>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2588
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2585
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2503
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/431>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/435>
CVE-2022-20369
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-20368
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2639
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36123
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-36946
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36879
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2327
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-21505
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/368>
CVE-2021-33655
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2021-33656
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/437>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2861
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2860
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2613
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2612
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2610
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2607
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2606
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2624
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2623
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2620
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2619
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2617
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2616
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2615
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2614
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-35737
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_sqlite/pulls/38>
3.0.x<https://gitee.com/openharmony/third_party_sqlite/pulls/37>
CVE-2022-2415
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-1919
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-35252
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/86>
CVE-2022-3028
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2977
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2964
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-39188
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3078
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-2905
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-39842
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3061
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/443>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/444>
CVE-2021-29921
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/19>
CVE-2022-0391
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/23>
CVE-2021-3737
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/20>
CVE-2021-4189
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/21>
CVE-2021-3733
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/22>
CVE-2021-28861
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/24>
CVE-2022-40307
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>
1
0
11 Oct '22
2022年10月安全漏洞
发布于2022.10.11
最后更新于2022.10.11
漏洞编号
相关漏洞
漏洞描述
漏洞影响
CVSS3.1基础得分
受影响的版本
受影响的仓库
修复链接
参考链接
OpenHarmony-SA-2022-1001
CVE-2022-42488
启动子系统param服务缺少权限校验。
攻击者可在本地发起攻击,获取root权限,关闭安全特性或对任意服务造成DoS攻击。
8.4
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
startup_init_lite
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1104>
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1074>
本项目组上报
OpenHarmony-SA-2022-1002
CVE-2022-42464
dev/mmz_userdev驱动存在内核内存非法映射漏洞。
攻击者可在本地发起攻击,非法映射内存并进行读写,可提升到root权限或造成设备重启。利用此漏洞需要system UID。
6.7
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hi3516dv300
3.1.x<https://gitee.com/openharmony/device_board_hisilicon/pulls/135>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87>
本项目组上报
OpenHarmony-SA-2022-1003
CVE-2022-41686
dev/mmz_userdev驱动存在越界读写漏洞。
攻击者可在本地发起攻击,越界读写内存地址,造成内存泄露或崩溃。利用此漏洞需要system UID。
5.1
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hispark_taurus
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/287>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127>
本项目组上报
OpenHarmony-SA-2022-1004
CVE-2022-42463
通信子系统softbus_server服务的一个回调处理函数存在无需认证和加密的漏洞。
攻击者可以在分布式网络发起攻击,发送蓝牙rfcomm报文到任意远程设备,执行任意命令。
8.3
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
communication_dsoftbus
3.1.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2348>
本项目组上报
以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本,详细信息请参考三方公告。
CVE
严重程度
受影响的OpenHarmony版本
修复链接
CVE-2022-27405
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.0-release到OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/32>
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/31>
1.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/30>
CVE-2022-2959
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2991
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2938
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/430>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/434>
CVE-2022-2586
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/427>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2588
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2585
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2503
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/431>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/435>
CVE-2022-20369
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-20368
严重
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2639
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36123
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-36946
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36879
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2327
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-21505
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/368>
CVE-2021-33655
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2021-33656
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/437>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2861
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2860
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2613
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2612
低
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2610
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2607
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2606
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2624
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2623
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2620
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2619
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2617
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2616
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2615
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2614
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-35737
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_sqlite/pulls/38>
3.0.x<https://gitee.com/openharmony/third_party_sqlite/pulls/37>
CVE-2022-2415
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-1919
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-35252
低
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-release到OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/86>
CVE-2022-3028
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2977
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2964
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-39188
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3078
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-2905
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-39842
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3061
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/443>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/444>
CVE-2021-29921
严重
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/19>
CVE-2022-0391
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/23>
CVE-2021-3737
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/20>
CVE-2021-4189
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/21>
CVE-2021-3733
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/22>
CVE-2021-28861
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/24>
CVE-2022-40307
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>
1
0