- Security-bulletin - lists.openatom.io

2025年10月安全公告
by 王晨 09 Oct '25

09 Oct '25

发布于2025.10.09 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-52458arkcompiler_ets_runtime越界访问漏洞特定场景下, 本地攻击者可造成任意代码执行中危5.5OpenHarmony-v5.0.3-Release OpenHarmony-v5.1.0-Releasearkcompiler_ets_runtime5.1.0.x 5.0.3.x CVE-2025-41432arkcompiler_ets_runtime越界访问漏洞特定场景下, 本地攻击者可造成任意代码执行中危5.5OpenHarmony-v5.0.3-Release OpenHarmony-v5.1.0-Releasearkcompiler_ets_runtime5.1.0.x 5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-38498无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38497无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38495无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38494无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38481高危8.0kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38476高危7.8kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38473高危8.0kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38465无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38448无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38415无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38395无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38352无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38310中危5.5kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38250无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38192无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2023-52935高危7.8kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4151 5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4153

1 0

2025年09月安全公告
by 王晨 02 Sep '25

02 Sep '25

发布于2025.09.02 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-26474communication_ipc 不当输入验证漏洞特定场景下, 本地攻击者可造成信息泄露低危3.3OpenHarmony-v5.0.3-Releasecommunication_ipc5.0.3.x CVE-2025-6969ability_ability_runtime 权限绕过漏洞本地攻击者可造成DOS中危5.0OpenHarmony-v5.0.3-Release) OpenHarmony-v5.1.0-Releaseability_ability_runtime5.0.3.x 5.1.0.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-38466无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38424无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38347无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38346无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38337无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38328无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38320无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38312无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38285无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38222无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38219无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38218无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38215无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38214无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38212高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38206无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38194中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38181无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38180高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38166无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38163无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38147无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38126无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38125无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38124中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38117无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38111无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38103无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38097无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38095无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38079无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38068无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38067无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38062无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38058无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38057无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38023无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37995中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37980中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37959中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37940低危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37937中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37923低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37862无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37859无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37841中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37839中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37836中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37810低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37808中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37807低危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22113无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22008无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21959无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21922无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21910无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21909无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21881无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21838无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21817中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21766中危3.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21765中危3.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21758无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21708无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58093无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57986中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57982中危3.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57974中危5.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57876高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57850高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56780中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56751无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56719无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-53237无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-53196无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-41062无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-36484无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26947无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26869中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-53001中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-52621高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-52608中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-50167无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-50100无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49967无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49961无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49837无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49801无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49728无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49579无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49513无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49444无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49266无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49169无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47618中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 5.1.0.xhttps://gitee.com/openharmony/startup_init/pulls/4062 5.0.3.xhttps://gitee.com/openharmony/startup_init/pulls/4063

1 0

2025年08月安全公告
by 王晨 05 Aug '25

05 Aug '25

发布于2025.08.05 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-27577kernel_liteos_a 条件竞争漏洞本地攻击者可造成任意代码执行高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x CVE-2025-25278kernel_liteos_a 条件竞争漏洞本地攻击者可造成任意代码执行高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-39728中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37794中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37792无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37785低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37780无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37766无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37756无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37749无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37739无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37738高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-23150无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22121高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22075无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22045无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22035无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22021无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22005中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21956无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21760高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21701低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58237高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58083无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57798高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56769中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56763中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56369中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-27056中危4.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-53091无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49910高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49901中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49889中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-20566高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47636高危7.1kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47634高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 5.0.3.xhttps://gitee.com/openharmony/startup_init/pulls/3977

1 0

2025年07月安全公告
by 王晨 01 Jul '25

01 Jul '25

发布于2025.07.01 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 OpenHarmony-4.1-Release分支当前已停止维护，后续这个分支的安全漏洞也不再维护，详情参见社区公告。 OpenHarmony-4.1-Release分支停止维护公告 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-24925applications_settings 内存泄露漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releaseapplications_settings5.0.3.x CVE-2025-27536arkcompiler_ets_runtime类型混淆漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasearkcompiler_ets_runtime5.0.3.x CVE-2025-24298kernel_liteos_a UAF漏洞本地攻击者可造成DOS高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x CVE-2025-27128kernel_liteos_a UAF漏洞本地攻击者可造成任意代码执行高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x CVE-2025-26690communication_dsoftbus 空指针解引用漏洞本地攻击者可造成任意代码执行低危3.3OpenHarmony-v5.0.3-Releasecommunication_dsoftbus5.0.3.x CVE-2025-25212distributeddatamgr_pasteboard 不当输入验证漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasedistributeddatamgr_pasteboard5.0.3.x CVE-2025-27562communication_dsoftbus 内存泄露漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasecommunication_dsoftbus5.0.3.x CVE-2025-24844communication_dsoftbus 内存泄露漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasecommunication_dsoftbus5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-21999高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21926无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21785高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21776无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21764高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21762高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58058中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58020无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58009无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57981中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56720无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56571无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-35823中危5.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-27032中危6.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26982高危7.1kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26960中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26886中危6.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26779中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26759中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26747中危4.4kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26671中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26665高危7.1kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-53118无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-52653中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-52619中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49897无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49630无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49443低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49135中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47558中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47432中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47182中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 5.0.3.xhttps://gitee.com/openharmony/startup_init/pulls/3905

1 0

2025年06月安全公告
by 王晨 03 Jun '25

03 Jun '25

发布于2025.06.03 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 OpenHarmony-4.1-Release分支当前已停止维护，后续这个分支的安全漏洞也不再维护，详情参见社区公告。 OpenHarmony-4.1-Release分支停止维护公告 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-20063arkui_ace_engine类型混淆漏洞本地攻击者可造成应用crash低危3.3OpenHarmony-v5.0.3-Releasearkui_ace_engine5.0.3.x CVE-2025-21082arkui_ace_engine类型混淆漏洞本地攻击者可造成应用crash低危3.3OpenHarmony-v5.0.3-Releasearkui_ace_engine5.0.3.x CVE-2025-23235arkcompiler_ets_runtime越界读漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasearkcompiler_ets_runtime5.0.3.x CVE-2025-25217arkui_ace_engine空指针解引用漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasearkui_ace_engine5.0.3.x CVE-2025-24493kernel_liteos_a条件竞争漏洞本地攻击者可造成敏感信息泄露中危5.5OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x CVE-2025-27131kernel_liteos_m不当输入验证漏洞本地攻击者可造成DOS中危6.1OpenHarmony-v5.0.3-Releasekernel_liteos_m5.0.3.x CVE-2025-26691电话服务模块权限绕过漏洞本地攻击者可造成敏感信息泄露中危5.5OpenHarmony-v5.0.3-Releasetelephony_call_manager5.0.3.x CVE-2025-26693security_access_token权限绕过漏洞本地攻击者可造成敏感信息泄露低危3.3OpenHarmony-v5.0.3-Releasesecurity_access_token5.0.3.x CVE-2025-27563security_access_token权限绕过漏洞本地攻击者可造成敏感信息泄露低危3.3OpenHarmony-v5.0.3-Releasesecurity_access_token5.0.3.x CVE-2025-27242安全组件管理模块不当输入验证本地攻击者可造成敏感信息泄露低危3.3OpenHarmony-v5.0.3-Releasesecurity_security_component_manager5.0.3.x CVE-2025-27247剪切板模块权限绕过漏洞本地攻击者可造成敏感信息泄露中危5.5OpenHarmony-v5.0.3-Releasedistributeddatamgr_pasteboard5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-21814中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21806中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21728中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21719无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21683中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21648无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58017无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57980中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57977低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57913中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57888无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57884无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-35965无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-27398中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-53028中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49651无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49632中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2025年06月[5.0.3.x]

1 0

2025年04月安全公告
by 王晨 01 Apr '25

01 Apr '25

发布于2025.04.01 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.2-Release分支进行安全漏洞维护, 部分仓已提前开始对OpenHarmony-5.0.3-Release分支进行维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-22851kernel_liteos_a 整数溢出本地攻击者可在受限场景造成任意代码执行中危6.5OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasekernel_liteos_a5.0.2.x 4.1.x CVE-2025-22842arkcompiler_ets_runtime越界读本地攻击者可造成DOS低危3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-25057third_party_NuttX 内存泄露本地攻击者可造成DOS低危3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasethird_party_NuttX5.0.2.x 4.1.x CVE-2025-27534arkcompiler_ets_runtime越界读本地攻击者可造成DOS低危3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-24304arkcompiler_ets_runtime越界写本地攻击者可造成DOS低危3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-20102arkcompiler_ets_runtime越界读本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-22452arkcompiler_ets_runtime越界读本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-57940中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57931无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57924无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57907高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57874中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57849中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-57792中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56739中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56703中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56694中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56692中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56688中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56658高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56647中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56644无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56633无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56606高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56605高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release4.1.x 5.0.2.x CVE-2024-56601高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56600高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-56583无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53194无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53174无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53173高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53172无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53171高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-53168高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-47668中危4.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-46715中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-41055中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-41013低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-35966无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-35937低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-27388中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-27047中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2024-26878中危4.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.2.x 5.0.3.x CVE-2024-13176无尚未提供third_party_opensslOpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release4.1.x 5.0.2.x CVE-2023-52501高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.2.x 5.0.3.x CVE-2022-48816无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x CVE-2021-47200高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.3-Release4.1.x 5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2025年04月[5.0.2.x] [4.1.x]

1 0

2025年03月安全公告
by 王晨 04 Mar '25

04 Mar '25

发布于2025.03.04 备注：OpenHarmony 5.0阶段各分支中当前仅对OpenHarmony-5.0.2-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2025-0587arkcompiler_ets_runtime整数溢出漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-23234arkcompiler_ets_runtime栈溢出漏洞本地攻击者可造成DOS3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-21098liteos_a内核存在的权限绕过漏洞本地攻击者可造成信息泄露5.5OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasekernel_liteos_a5.0.2.x 4.1.x CVE-2025-20042liteos_a内核越界读漏洞本地攻击者可造成信息泄露5.5OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasekernel_liteos_a5.0.2.x 4.1.x CVE-2025-22443arkcompiler_ets_runtime越界读漏洞本地攻击者可造成DOS3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-20021arkcompiler_ets_runtime越界读漏洞本地攻击者可造成DOS3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-21089arkcompiler_ets_runtime越界读漏洞本地攻击者可造成DOS3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-22897arkcompiler_ets_runtime栈溢出漏洞本地攻击者可造成DOS3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-23420arkcompiler_ets_runtime越界写漏洞本地攻击者可造成DOS3.8OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-22835arkcompiler_ets_runtime越界写漏洞本地攻击者可造成DOS3.8OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-21084arkcompiler_ets_runtime空指针解引用漏洞本地攻击者可造成DOS3.8OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-22847arkcompiler_ets_runtime越界读漏洞本地攻击者可造成DOS3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-23418arkcompiler_ets_runtime越界读漏洞本地攻击者可造成DOS3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-20024arkcompiler_ets_runtime整数溢出漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-21097arkcompiler_ets_runtime空指针解引用漏洞本地攻击者可造成DOS3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-20081communication_dsoftbus UAF漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasecommunication_dsoftbus5.0.2.x 4.1.x CVE-2025-23409communication_dsoftbus UAF漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasecommunication_dsoftbus5.0.2.x 4.1.x CVE-2025-20091communication_dsoftbus UAF漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasecommunication_dsoftbus5.0.2.x 4.1.x CVE-2025-24301arkcompiler_ets_runtime UAF漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-24309arkcompiler_ets_runtime越界写漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-23414arkcompiler_ets_runtime UAF漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-23240arkcompiler_ets_runtime越界写漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-22837arkcompiler_ets_runtime空指针解引用漏洞本地攻击者可造成DOS3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 4.1.x CVE-2025-20011communication_dsoftbus内存泄露漏洞本地攻击者可造成DOS3.3OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Releasecommunication_dsoftbus5.0.2.x 4.1.x CVE-2025-20626arkcompiler_ets_runtime UAF漏洞本地攻击者可在受限场景造成任意代码执行3.8OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x CVE-2025-22841arkcompiler_ets_runtime越界读漏洞本地攻击者可造成DOS3.3OpenHarmony-v5.0.2-Releasearkcompiler_ets_runtime5.0.2.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-56756中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-56698中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-56670中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-56629中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-56616无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-56615高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-56587中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-56586无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-56574中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-56569中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-53221中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-53218无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-53147无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-53144无尚未提供kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-53104中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-53099低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2025年03月[5.0.2.x] [4.1.x]

1 0

2025年02月安全公告
by 王晨 07 Feb '25

07 Feb '25

发布于2025.02.11 备注：OpenHarmony 5.0阶段各分支中当前仅对OpenHarmony-5.0.2-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2025-0302liteos_a内核整数溢出漏洞本地攻击者可通过本漏洞造成DOS5.5OpenHarmony-v4.1-Releasekernel_liteos_a4.1.x CVE-2025-0303liteos_a内核堆栈溢出漏洞本地攻击者可通过本漏洞获取root权限8.8OpenHarmony-v4.1-Releasekernel_liteos_a4.1.x CVE-2025-0304liteos_a内核UAF漏洞本地攻击者可通过本漏洞获取root权限8.8OpenHarmony-v4.1-Releasekernel_liteos_a4.1.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-53142低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-53140低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-53125低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-53124中危4.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-53079低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-53068低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-53066低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-53063低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-53058中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-53054中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50304低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50302中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50301低危2.6kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50290高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50268低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50262高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50258中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-50256中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release5.0.2.x 4.1.x CVE-2024-50237中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50195中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50194中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50192中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50191中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50150高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50142中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50135中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50099中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50089低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50013中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49983高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49975中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49949中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47660低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-46826中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-42098中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2025年02月[5.0.2.x] [4.1.x]

1 0

2025年01月安全公告
by 王晨 07 Jan '25

07 Jan '25

发布于2025.01.07 备注：OpenHarmony 5.0阶段各分支中当前仅对OpenHarmony-5.0.2-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2024-45070liteos_a内核越界读漏洞本地攻击者可通过本漏洞造成信息泄露5.5OpenHarmony-v4.1-Releasekernel_liteos_a4.1.x CVE-2024-47398liteos_a内核越界写漏洞本地攻击者可通过本漏洞造成设备无法启动8.8OpenHarmony-v4.1-Releasekernel_liteos_a4.1.x CVE-2024-54030软总线释放后使用漏洞本地攻击者可通过本漏洞造成DOS4.4OpenHarmony-v4.1-Releasecommunication_dsoftbus4.1.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-50154高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50138高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50131高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50082中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50067高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50063低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50058低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50046低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50044中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50038低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50036低危0.0kernel_linux_5.10OpenHarmony-v4.0-Release4.1.x CVE-2024-50035低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50033低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50028低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50024低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50018高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50015中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50014中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50010低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-50006低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49978中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49967中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49960高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49959低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49950中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49948低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49940中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49889低危0.0kernel_linux_5.10OpenHarmony-v4.0-Release4.1.x CVE-2024-49884低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49883低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49882中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49881低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49859低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-49851中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47742中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47740中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47738中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47728低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47726低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47713中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47707中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47705中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47701高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47698高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47697高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47691高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47690中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47685中危4.3kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47684低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47679中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-47678低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2024-44986高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2022-48975低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x CVE-2022-48961低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2025年01月 [4.1.x]

1 0

2024年11月安全公告
by 王晨 05 Nov '24

05 Nov '24

发布于2024.11.05 备注：OpenHarmony-v4.0-Release分支已停止维护，后续这个分支的安全漏洞不再维护，详情参见： OpenHarmony 4.0-Release分支停止维护公告 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2024-47797liteos_a内核越界写漏洞本地攻击者可通过本漏洞获取root权限8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-47404liteos_a内核内存二次释放漏洞本地攻击者可通过本漏洞获取root权限8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-47137liteos_a内核越界写漏洞本地攻击者可通过本漏洞获取root权限8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-47402liteos_a内核越界读漏洞本地攻击者可通过本漏洞造成DOS3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-8088高危7.5third_party_pythonOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-45028中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-45006中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-44987高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43892中危4.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43884中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43882高危7.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43871中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43856中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43853中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43828中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42312中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-42305高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42304中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-42302高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42283中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42276中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42271高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42106中危4.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52889中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52623中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52615中危4.4kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52622中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52616中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52886中危6.4kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52679中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52898中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-44969高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52635中危4.4kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-7013中危4.3web_webviewOpenHarmony-v4.1-Release4.1.x 4.1.x CVE-2023-7012低危2.7web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.0.x 4.1.x 4.1.x CVE-2023-7011中危4.3web_webviewOpenHarmony-v4.1-Release4.1.x CVE-2023-7010低危2.7web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-6777中危4.3web_webviewOpenHarmony-v4.1-Release4.1.x CVE-2024-6778低危3.1web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-3172高危8.8web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-3175中危6.3web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-6996低危3.1web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.0.x 4.1.x 4.1.x CVE-2024-7004中危6.3web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-6989中危6.3web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-6119高危7.5third_party_opensslOpenHarmony-v4.0-Release4.0.x CVE-2024-42292中危3.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43834中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-44952中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-46798高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-45018中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2024年11月[4.1.x] [4.0.x]

1 0