Security Vulnerabilities in June 2022

Published on 2022.6.6

| Vulnerability ID | Related vulnerability | Description | Impact | Affected versions | Affected repository | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0601 | NA | The event notification subsystem bypasses the authentication mechanism when deserializing an object. | An attacker can launch a local attack to bypass permission checks and crash the server process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | notification_ces_standard | <https://gitee.com/openharmony/notification_common_event_service/pulls/269> | Reported by the project team |
| OpenHarmony-SA-2022-0602 | NA | The event notification subsystem has a verification bypass vulnerability that allows an SA relay attack. | An attacker can launch a local attack to bypass verification and gain control of the system. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | notification_ces_standard | <https://gitee.com/openharmony/notification_common_event_service/pulls/245> | Reported by the project team |
| OpenHarmony-SA-2022-0603 | NA | The update service component has a verification bypass vulnerability that allows an SA relay attack. | An attacker can launch a local attack to bypass verification and gain control of the system. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | update_updateservice | <https://gitee.com/openharmony/update_updateservice/pulls/115> | Reported by the project team |
| OpenHarmony-SA-2022-0604 | NA | The multimedia subsystem has a verification bypass vulnerability that allows an SA relay attack. | An attacker can launch a local attack to bypass verification and gain control of the system. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | multimedia_media_standard | <https://gitee.com/openharmony/multimedia_media_standard/pulls/567> | Reported by the project team |

The following are third-party library vulnerabilities. Only the CVE, severity and affected OpenHarmony versions are provided; for details, refer to the third-party advisories.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-25313 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | <https://gitee.com/openharmony/third_party_expat/pulls/10> |
| CVE-2022-25314 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | <https://gitee.com/openharmony/third_party_expat/pulls/10> |
| CVE-2022-25315 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | <https://gitee.com/openharmony/third_party_expat/pulls/10> |
| CVE-2022-25235 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | <https://gitee.com/openharmony/third_party_expat/pulls/10> |
| CVE-2022-25236 | Critical | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | <https://gitee.com/openharmony/third_party_expat/pulls/10> |
| CVE-2022-23308 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | <https://gitee.com/openharmony/third_party_libxml2/pulls/11> |
| CVE-2022-25375 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/146> |
| CVE-2022-25258 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/146> |
| CVE-2022-0435 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/146> |
| CVE-2022-24959 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/146> |
| CVE-2021-44879 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/146> |
| CVE-2022-24958 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/146> |
| CVE-2021-45402 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/146> |
| CVE-2021-4160 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | <https://gitee.com/openharmony/third_party_openssl/pulls/29> |
| CVE-2022-0778 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/third_party_openssl/pulls/34> |
| CVE-2022-0886 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/143> |
| CVE-2022-1055 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/175> |
| CVE-2022-0995 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/175> |
| CVE-2021-39698 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/175> |
| CVE-2022-0494 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/175> |
| CVE-2022-1048 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/175> |
| CVE-2022-1016 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/175> |
| CVE-2021-39686 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/175> |
| CVE-2022-0500 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/163> |
| CVE-2022-28390 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/181> |
| CVE-2022-28389 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/181> |
| CVE-2022-28388 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/181> |
| CVE-2022-28893 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/181> |
| CVE-2022-1353 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/181> |
| CVE-2022-29156 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/181> |
| CVE-2022-28356 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/181> |
| CVE-2019-16089 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/152> |
| CVE-2021-4156 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/third_party_libsnd/pulls/10> |
| CVE-2022-22576 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/third_party_curl/pulls/52> |
| CVE-2022-27775 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/third_party_curl/pulls/52> |
| CVE-2022-27776 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/third_party_curl/pulls/52> |
| CVE-2022-27774 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | <https://gitee.com/openharmony/third_party_curl/pulls/52> |
| CVE-2021-3520 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | <https://gitee.com/openharmony/third_party_lz4/pulls/2> |
| CVE-2021-44732 | Critical | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | <https://gitee.com/openharmony/third_party_mbedtls/pulls/31> |
| CVE-2021-36690 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | <https://gitee.com/openharmony/third_party_sqlite/pulls/4> |
| CVE-2021-3732 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | <https://gitee.com/openharmony/kernel_linux_5.10/pulls/180> |
| CVE-2021-22570 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | <https://gitee.com/openharmony/third_party_protobuf/pulls/26> |
| CVE-2021-22569 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | <https://gitee.com/openharmony/third_party_protobuf/pulls/27> |