10 May '23
Security Vulnerabilities in May 2023
Published May 9, 2023
Updated May 9, 2023
The following table lists vulnerabilities in third-party libraries. Only the CVE, severity, and affected OpenHarmony versions are provided; for details, see the security bulletins released by the third parties.
| CVE | Severity | CVSS 3.1 | Affected repository | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-36647 | Medium | 4.7 | third_party_mbedtls; device_hisilicon_hispark_taurus | OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.0.x <https://gitee.com/openharmony/third_party_mbedtls/pulls/86>; 3.0.x <https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/129> |
| CVE-2023-1382 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/804>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/805> |
| CVE-2023-0386 | Medium | 5.3 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/119>; 3.0.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> |
| CVE-2023-1281 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> |
| CVE-2023-28772 | High | 7.8 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/119>; 3.0.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> |
| CVE-2023-1637 | Low | 3.3 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/119>; 3.0.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> |
| CVE-2021-3923 | Low | 3.3 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/119>; 3.0.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> |
| CVE-2023-1380 | High | 7.1 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> |
| CVE-2023-1582 | Medium | 4.7 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/765>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/766> |
| CVE-2022-48434 | High | 8.1 | third_party_ffmpeg | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_ffmpeg/pulls/81>; 3.1.x <https://gitee.com/openharmony/third_party_ffmpeg/pulls/82>; 3.0.x <https://gitee.com/openharmony/third_party_ffmpeg/pulls/83> |
| CVE-2023-1838 | Medium | 5.3 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/773>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/774> |
| CVE-2023-1838 | Medium | 5.3 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/124>; 3.0.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> |
| CVE-2023-1855 | Medium | 6.3 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> |
| CVE-2023-30456 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> |
| CVE-2022-45934 | High | 7.8 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/129>; 3.0.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/130> |
| CVE-2022-2978 | High | 7.8 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/121>; 3.0.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/122> |
| CVE-2022-29581 | High | 7.8 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/124>; 3.0.x <https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> |
| CVE-2023-1989 | High | 7.0 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> |
| CVE-2023-1829 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> |
| CVE-2023-1990 | Medium | 4.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> |
| CVE-2023-1859 | Medium | 6.4 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> |
| CVE-2023-2004 | Medium | 5.3 | third_party_freetype | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x <https://gitee.com/openharmony/third_party_freetype/pulls/51>; 3.1.x <https://gitee.com/openharmony/third_party_freetype/pulls/52>; 3.0.x <https://gitee.com/openharmony/third_party_freetype/pulls/53> |
| CVE-2023-2006 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/811>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/812> |
| CVE-2023-2008 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/787>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/788> |