Security-bulletin

Thread Start a new thread

security@openharmony.io

December 2022

1 participants
1 discussions

OpenHarmony 2022年12月安全公告 Security Vulnerabilities in December 2022
by Liuxu (louis) 06 Dec '22

06 Dec '22

2022年12月安全漏洞发布于2022.12.06 最后更新于2022.12.06 漏洞编号相关漏洞漏洞描述漏洞影响 CVSS3.1基础得分受影响的版本受影响的仓库修复链接参考链接 OpenHarmony-SA-2022-1201 CVE-2022-45877 跨设备认证中pin码会明文传输到对端设备进行校验，会降低中间人攻击的难度。攻击者可在局域网发起攻击，绕过权限管控机制，降低中间人攻击的难度。 8.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release distributedhardware_device_manager applications_hap security_device_auth 3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915> 3.1.x<https://gitee.com/openharmony/applications_hap/pulls/1364> 3.1.x<https://gitee.com/openharmony/security_device_auth/pulls/351> 本项目组上报 OpenHarmony-SA-2022-1202 CVE-2022-41802 内核子系统kernel_liteos_a中系统调用SysClockGetres存在泄漏内核栈的漏洞。攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。 4.0 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> 研究者上报 OpenHarmony-SA-2022-1203 CVE-2022-45126 内核子系统kernel_liteos_a中系统调用SysClockGettime存在泄漏内核栈的漏洞。攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。 4.0 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> 研究者上报 OpenHarmony-SA-2022-1204 CVE-2022-43662 内核子系统kernel_liteos_a中系统调用SysTimerGettime存在泄漏内核栈的漏洞。攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。 4.0 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> 研究者上报 OpenHarmony-SA-2022-1205 CVE-2022-44455 appspawn and nwebspawn服务对输入缺少校验，存在内存溢出漏洞。攻击者可在本地发起攻击，恶意应用可以提升权限或造成应用崩溃。 6.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS startup_appspawn 3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361> 3.0.x<https://gitee.com/openharmony/startup_appspawn/pulls/426> 本项目组上报 OpenHarmony-SA-2022-1206 CVE-2022-45118 通信子系统telephony发送公共事件时带有个人数据，但缺少权限设置。攻击者可在本地发起攻击，恶意应用可以无权限监听广播获取手机号、短信数据等信息。 6.2 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release telephony_state_registry telephony_sms_mms 3.1.x<https://gitee.com/openharmony/telephony_state_registry/pulls/224> 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/615> 本项目组上报以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度受影响的OpenHarmony版本修复链接 CVE-2022-20422 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3303 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-42703 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-41222 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3239 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-20423 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-41850 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3586 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3625 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-42432 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3633 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3635 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3629 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3623 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3646 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3621 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3567 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-43750 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3545 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3523 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-2602 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3628 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-40768 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3566 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3577 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3606 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3649 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3564 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-20409 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-41849 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-20421 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3435 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42719 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42720 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42721 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42722 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-41674 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3535 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3521 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3524 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3534 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3542 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> CVE-2022-3565 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3594 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> Security Vulnerabilities in December 2022 published December 6,2022 updated December 6,2022 Vulnerability ID related Vulnerability Vulnerability Description Vulnerability Impact CVSS3.1 Base Score affected versions affected projects fix link reference OpenHarmony-SA-2022-1201 CVE-2022-45877 PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. Network attackers can bypass the authentication, which reduces the difficulty of man-in-the-middle attacks. 8.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release distributedhardware_device_manager applications_hap security_device_auth 3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915> 3.1.x<https://gitee.com/openharmony/applications_hap/pulls/1364> 3.1.x<https://gitee.com/openharmony/security_device_auth/pulls/351> Reported by OpenHarmony Team OpenHarmony-SA-2022-1202 CVE-2022-41802 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. 4.0 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> Reported by Researchers OpenHarmony-SA-2022-1203 CVE-2022-45126 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. 4.0 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> Reported by Researchers OpenHarmony-SA-2022-1204 CVE-2022-43662 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. 4.0 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> Reported by Researchers OpenHarmony-SA-2022-1205 CVE-2022-44455 The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash. 6.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS startup_appspawn 3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361> 3.0.x<https://gitee.com/openharmony/startup_appspawn/pulls/426> Reported by OpenHarmony Team OpenHarmony-SA-2022-1206 CVE-2022-45118 Telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. 6.2 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release telephony_state_registry telephony_sms_mms 3.1.x<https://gitee.com/openharmony/telephony_state_registry/pulls/224> 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/615> Reported by OpenHarmony Team The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity affected OpenHarmony versions fix link CVE-2022-20422 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3303 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-42703 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-41222 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3239 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-20423 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-41850 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3586 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3625 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-42432 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3633 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3635 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3629 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3623 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3646 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3621 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3567 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-43750 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3545 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3523 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-2602 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3628 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-40768 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3566 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3577 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3606 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3649 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3564 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-20409 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-41849 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-20421 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3435 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42719 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42720 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42721 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42722 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-41674 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3535 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3521 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3524 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3534 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3542 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> CVE-2022-3565 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3594 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

1 0