Security-bulletin

security@openharmony.io

September 2024

1 participants
1 discussions

2024年9月安全公告
by 王晨 02 Sep '24

02 Sep '24

发布于2024.09.02 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2024-28044liteos_a整数溢出漏洞本地攻击者可通过本漏洞造成crash3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-41157liteos_a释放后使用漏洞本地攻击者可通过本漏洞获取root权限8.8OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-38386方舟eTS运行时越界读写漏洞本地攻击者通过本漏洞可在预装应用中执行代码8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasearkcompiler_ets_runtime4.0.x 4.1.x CVE-2024-39816方舟eTS运行时越界写漏洞本地攻击者通过本漏洞可在预装应用中执行代码8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasearkcompiler_ets_runtime4.0.x 4.1.x CVE-2024-39775网络管理权限绕过漏洞远程攻击者可通过本漏洞造成信息泄露6.5OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasecommunication_netmanager_base4.0.x 4.1.x CVE-2024-41160liteos_a内核释放后使用漏洞本地攻击者可通过本漏洞获取root权限8.8OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-38382元能力权限绕过漏洞本地攻击者可通过本漏洞造成信息泄露5.5OpenHarmony-v4.0-Releaseability_ability_runtime4.0.x CVE-2024-39612后台任务管理权限绕过漏洞本地攻击者可通过本漏洞造成信息泄露5.5OpenHarmony-v4.0-Releaseresourceschedule_background_task_mgr4.0.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-41009中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-41007低危3.3kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39495高危7.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39475中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39472中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39467低危2.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39276中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38780中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38601中危5.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38596中危5.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38588高危7.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38577高危8.0kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38564中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36971高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36489中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36286中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36270中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-34459中危5.5third_party_libxml2OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-34027中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-25739中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-24863中危5.3kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-24858中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-24857中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-22099中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52791中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52498中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x 4.0.x 4.0.x 4.0.x 4.0.x CVE-2022-48810中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2022-48809中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2022-48805低危3.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2022-48804中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2021-47582中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5498中危6.3web_webviewOpenHarmony-v4.1-Release4.1.x CVE-2024-5497低危0.0web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5535中危5.9third_party_opensslOpenHarmony-v4.1-Release4.1.x CVE-2024-5841高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5847高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-24860中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26585中危4.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2024年09月[4.1.x] [4.0.x]

1 0