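Published on 2024.11.05
Note: The OpenHarmony-v4.0-Release branch is no longer maintained, and security vulnerabilities in this branch will no longer be addressed. For details, see:
OpenHarmony 4.0-Release branch end-of-maintenance announcement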
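| CVE | Description | Impact | CVSS 3.1 base score | Affected versions | Affected repository | Fix link |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-47797 | Out-of-bounds write in the liteos_a kernel | A local attacker can obtain root privileges through this vulnerability | 8.4 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | kernel_liteos_a | 4.0.x 4.1.x |
| CVE-2024-47404 | Double free in the liteos_a kernel | A local attacker can obtain root privileges through this vulnerability | 8.4 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | kernel_liteos_a | 4.0.x 4.1.x |
| CVE-2024-47137 | Out-of-bounds write in the liteos_a kernel | A local attacker can obtain root privileges through this vulnerability | 8.4 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | kernel_liteos_a | 4.0.x 4.1.x |
| CVE-2024-47402 | Out-of-bounds read in the liteos_a kernel | A local attacker can cause a DoS through this vulnerability | 3.3 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | kernel_liteos_a | 4.0.x 4.1.x |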
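The following are third-party library vulnerabilities. Only the CVE, severity, and affected OpenHarmony versions are provided; for details, refer to the third-party advisories.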
| CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-8088 | High | 7.5 | third_party_python | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-45028 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-45006 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-44987 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-43892 | Medium | 4.7 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-43884 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-43882 | High | 7.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-43871 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-43856 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-43853 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-43828 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-42312 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2024-42305 | High | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-42304 | Medium | 5.7 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2024-42302 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-42283 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-42276 | Medium | 5.7 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-42271 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-42106 | Medium | 4.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-52889 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-52623 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-52615 | Medium | 4.4 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-52622 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-52616 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-52886 | Medium | 6.4 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-52679 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-52898 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-44969 | High | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-52635 | Medium | 4.4 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2023-7013 | Medium | 4.3 | web_webview | OpenHarmony-v4.1-Release | 4.1.x 4.1.x |
| CVE-2023-7012 | Low | 2.7 | web_webview | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.0.x 4.1.x 4.1.x |
| CVE-2023-7011 | Medium | 4.3 | web_webview | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2023-7010 | Low | 2.7 | web_webview | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-6777 | Medium | 4.3 | web_webview | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-6778 | Low | 3.1 | web_webview | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-3172 | High | 8.8 | web_webview | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-3175 | Medium | 6.3 | web_webview | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-6996 | Low | 3.1 | web_webview | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.0.x 4.1.x 4.1.x |
| CVE-2024-7004 | Medium | 6.3 | web_webview | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-6989 | Medium | 6.3 | web_webview | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-6119 | High | 7.5 | third_party_openssl | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2024-42292 | Medium | 3.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-43834 | Medium | 4.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-44952 | Medium | 4.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-46798 | High | 7.1 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
| CVE-2024-45018 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release | 4.0.x 4.1.x |
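The following are the security patch labels for each maintained version. Update the security patch label after merging all corresponding security patches for the current month and earlier.

| Security patch label | Link |
| --- | --- |
| November 2024 | [4.1.x] [4.0.x] |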