Security-bulletin

security@openharmony.io

April 2025

1 participants
1 discussions

2025年04月安全公告
by 王晨 01 Apr '25

01 Apr '25

发布于2025.04.01 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.2-Release分支进行安全漏洞维护, 部分仓已提前开始对OpenHarmony-5.0.3-Release分支进行维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-22851kernel_liteos_a 整数溢出本地攻击者可在受限场景造成任意代码执行中危6.5OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasekernel_liteos_a5.0.2.x 4.1.x CVE-2025-22842arkcompiler_ets_runtime越界读本地攻击者可造成DOS低危3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-25057third_party_NuttX 内存泄露本地攻击者可造成DOS低危3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasethird_party_NuttX5.0.2.x 4.1.x CVE-2025-27534arkcompiler_ets_runtime越界读本地攻击者可造成DOS低危3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-24304arkcompiler_ets_runtime越界写本地攻击者可造成DOS低危3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-20102arkcompiler_ets_runtime越界读本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-22452arkcompiler_ets_runtime越界读本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-57940中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57931无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57924无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57907高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57874中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57849中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57792中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56739中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56703中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56694中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56692中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56688中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56658高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56647中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56644无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56633无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56606高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56605高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release4.1.x 5.0.2.x CVE-2024-56601高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56600高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56583无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53194无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53174无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53173高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53172无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53171高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53168高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-47668中危4.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-46715中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-41055中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-41013低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-35966无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-35937低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-27388中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-27047中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-26878中危4.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.2.x 5.0.3.x CVE-2024-13176无尚未提供third_party_opensslOpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release4.1.x 5.0.2.x CVE-2023-52501高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.2.x 5.0.3.x CVE-2022-48816无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2021-47200高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2025年04月[5.0.2.x] [4.1.x]

1 0