- Security-bulletin - lists.openatom.io

2026年03月安全公告
by 王晨 03 Mar '26

03 Mar '26

发布于2026.03.03 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2026-22801中危6.8third_party_libpngOpenHarmony-v6.0-Release6.0.x CVE-2026-22695中危6.1third_party_libpngOpenHarmony-v6.0-Release6.0.x CVE-2025-66293高危7.1third_party_libpngOpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release6.0.x 5.1.0.x CVE-2025-65018无尚未提供third_party_libpngOpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release6.0.x 5.1.0.x CVE-2025-64720无尚未提供third_party_libpngOpenHarmony-v6.0-Release6.0.x CVE-2025-64505无尚未提供third_party_libpngOpenHarmony-v6.0-Release6.0.x CVE-2025-39902无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-39756无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-12726中危6.3third_party_chromiumOpenHarmony-v6.0-Release6.0.x CVE-2025-10200高危8.8third_party_chromiumOpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x CVE-2022-50266无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 6.0.xhttps://gitcode.com/openharmony/startup_init/pull/4432 5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4434 5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4431

1 0

2026年02月安全公告
by 王晨 06 Feb '26

06 Feb '26

发布于2026.02.06 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2026-0639LiteOS_a内存泄露漏洞本地攻击者可造成DOS3.3OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Releasekernel_liteos_a6.0.x 5.1.0.x 5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-68340无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-68337无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-68336无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-68312无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-68286无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-68264无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-68261无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-68241无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-64506无尚未提供third_party_libpngOpenHarmony-v6.0-Release6.0.x CVE-2025-40319无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40308无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40307无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40248无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40220无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40215无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40173无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40109无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2024-35886高危7.8kernel_linux_5.10OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x CVE-2024-35821中危5.5kernel_linux_5.10OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x CVE-2024-26935中危5.5kernel_linux_5.10OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x CVE-2023-53846无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 6.0.xhttps://gitcode.com/openharmony/startup_init/pull/4360 5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4357 5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4359

1 0

2026年01月安全公告
by 王晨 06 Jan '26

06 Jan '26

发布于2026.01.06 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-40105无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40102无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40077无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40064无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40054无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40049无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40035无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40021无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-40016无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-39946无尚未提供kernel_linux_6.6OpenHarmony-v6.0-Release6.0.x CVE-2025-39914无尚未提供kernel_linux_6.6OpenHarmony-v6.0-Release6.0.x CVE-2025-39806无尚未提供kernel_linux_6.6OpenHarmony-v6.0-Release6.0.x CVE-2025-39782无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-39749无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-39702无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2024-47674中危5.7kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release6.0.x 5.1.0.x CVE-2024-38594中危5.5kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release6.0.x 5.1.0.x CVE-2023-53673无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2023-53596无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2023-53594无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2023-53520无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2023-53491无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2023-53482无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2022-49054无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 6.0.xhttps://gitcode.com/openharmony/startup_init/pull/4306 5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4315 5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4305

1 0

2025年12月安全公告
by 王晨 02 Dec '25

02 Dec '25

发布于2025.12.02 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-12736multimedia_audio_standard 信息泄露漏洞特定场景下, 本地攻击者可造成信息泄露中危6.5OpenHarmony-v5.0.3-Releasemultimedia_audio_standard5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-39994无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-39931无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-39913无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-39905无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-39760无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x CVE-2025-39730无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x CVE-2025-39724无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-39689无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x CVE-2025-39683无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-38732无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-38702无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x CVE-2025-38694无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x CVE-2025-38680无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.0.3.x CVE-2023-53588无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2023-53577无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2023-53450无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2023-53221无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2022-50552无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2022-50445无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 6.0.xhttps://gitcode.com/openharmony/startup_init/pull/4262 5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4261 5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4263

1 0

2025年11月安全公告
by 王晨 04 Nov '25

04 Nov '25

发布于2025.11.04 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-25277arkcompiler_ets_runtime类型混淆漏洞特定场景下, 本地攻击者可造成任意代码执行中危6.3OpenHarmony-v5.0.3-Release OpenHarmony-v5.1.0-Releasearkcompiler_ets_runtime5.1.0 5.0.3 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-38692无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38677低危3.5kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38668中危5.7kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38652低危3.5kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38635中危5.7kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38626中危4.6kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38622中危4.8kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38617低危2.6kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38588无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38587无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38578无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38577无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38565无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38555无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38512无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38499无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38342无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-27809中危5.4third_party_mbedtlsOpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58239低危3.5kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4151 5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4223

1 0

2025年10月安全公告
by 王晨 09 Oct '25

09 Oct '25

发布于2025.10.09 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-52458arkcompiler_ets_runtime越界访问漏洞特定场景下, 本地攻击者可造成任意代码执行中危5.5OpenHarmony-v5.0.3-Release OpenHarmony-v5.1.0-Releasearkcompiler_ets_runtime5.1.0.x 5.0.3.x CVE-2025-41432arkcompiler_ets_runtime越界访问漏洞特定场景下, 本地攻击者可造成任意代码执行中危5.5OpenHarmony-v5.0.3-Release OpenHarmony-v5.1.0-Releasearkcompiler_ets_runtime5.1.0.x 5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-38498无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38497无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38495无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38494无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38481高危8.0kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38476高危7.8kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38473高危8.0kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38465无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38448无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38415无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38395无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38352无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38310中危5.5kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38250无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-38192无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2023-52935高危7.8kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4151 5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4153

1 0

2025年09月安全公告
by 王晨 02 Sep '25

02 Sep '25

发布于2025.09.02 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-26474communication_ipc 不当输入验证漏洞特定场景下, 本地攻击者可造成信息泄露低危3.3OpenHarmony-v5.0.3-Releasecommunication_ipc5.0.3.x CVE-2025-6969ability_ability_runtime 权限绕过漏洞本地攻击者可造成DOS中危5.0OpenHarmony-v5.0.3-Release) OpenHarmony-v5.1.0-Releaseability_ability_runtime5.0.3.x 5.1.0.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-38466无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38424无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38347无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38346无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38337无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38328无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38320无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38312无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38285无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38222无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38219无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38218无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38215无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38214无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38212高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38206无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38194中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38181无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38180高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38166无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38163无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38147无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38126无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38125无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38124中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38117无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38111无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38103无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38097无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38095无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38079无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38068无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38067无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38062无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38058无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38057无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-38023无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37995中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37980中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37959中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37940低危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37937中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37923低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37862无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37859无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37841中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37839中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37836中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37810低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37808中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37807低危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22113无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22008无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21959无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21922无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21910无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21909无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21881无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21838无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21817中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21766中危3.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21765中危3.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21758无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21708无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58093无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57986中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57982中危3.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57974中危5.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57876高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57850高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56780中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56751无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56719无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-53237无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-53196无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-41062无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-36484无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26947无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26869中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-53001中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-52621高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-52608中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-50167无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-50100无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49967无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49961无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49837无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49801无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49728无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49579无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49513无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49444无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49266无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49169无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47618中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 5.1.0.xhttps://gitee.com/openharmony/startup_init/pulls/4062 5.0.3.xhttps://gitee.com/openharmony/startup_init/pulls/4063

1 0

2025年08月安全公告
by 王晨 05 Aug '25

05 Aug '25

发布于2025.08.05 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-27577kernel_liteos_a 条件竞争漏洞本地攻击者可造成任意代码执行高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x CVE-2025-25278kernel_liteos_a 条件竞争漏洞本地攻击者可造成任意代码执行高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-39728中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37794中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37792无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37785低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37780无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37766无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37756无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37749无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37739无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-37738高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-23150无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22121高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22075无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22045无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22035无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22021无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-22005中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21956无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21760高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21701低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58237高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58083无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57798高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56769中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56763中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56369中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-27056中危4.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-53091无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49910高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49901中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49889中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-20566高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47636高危7.1kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47634高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 5.0.3.xhttps://gitee.com/openharmony/startup_init/pulls/3977

1 0

2025年07月安全公告
by 王晨 01 Jul '25

01 Jul '25

发布于2025.07.01 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 OpenHarmony-4.1-Release分支当前已停止维护，后续这个分支的安全漏洞也不再维护，详情参见社区公告。 OpenHarmony-4.1-Release分支停止维护公告 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-24925applications_settings 内存泄露漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releaseapplications_settings5.0.3.x CVE-2025-27536arkcompiler_ets_runtime类型混淆漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasearkcompiler_ets_runtime5.0.3.x CVE-2025-24298kernel_liteos_a UAF漏洞本地攻击者可造成DOS高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x CVE-2025-27128kernel_liteos_a UAF漏洞本地攻击者可造成任意代码执行高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x CVE-2025-26690communication_dsoftbus 空指针解引用漏洞本地攻击者可造成任意代码执行低危3.3OpenHarmony-v5.0.3-Releasecommunication_dsoftbus5.0.3.x CVE-2025-25212distributeddatamgr_pasteboard 不当输入验证漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasedistributeddatamgr_pasteboard5.0.3.x CVE-2025-27562communication_dsoftbus 内存泄露漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasecommunication_dsoftbus5.0.3.x CVE-2025-24844communication_dsoftbus 内存泄露漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasecommunication_dsoftbus5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-21999高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21926无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21785高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21776无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21764高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21762高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58058中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58020无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58009无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57981中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56720无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-56571无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-35823中危5.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-27032中危6.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26982高危7.1kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26960中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26886中危6.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26779中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26759中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26747中危4.4kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26671中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-26665高危7.1kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-53118无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-52653中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-52619中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49897无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49630无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49443低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49135中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47558中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47432中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2021-47182中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。对应维护版本安全补丁修改方式参考链接 5.0.3.xhttps://gitee.com/openharmony/startup_init/pulls/3905

1 0

2025年06月安全公告
by 王晨 03 Jun '25

03 Jun '25

发布于2025.06.03 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 OpenHarmony-4.1-Release分支当前已停止维护，后续这个分支的安全漏洞也不再维护，详情参见社区公告。 OpenHarmony-4.1-Release分支停止维护公告 CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接 CVE-2025-20063arkui_ace_engine类型混淆漏洞本地攻击者可造成应用crash低危3.3OpenHarmony-v5.0.3-Releasearkui_ace_engine5.0.3.x CVE-2025-21082arkui_ace_engine类型混淆漏洞本地攻击者可造成应用crash低危3.3OpenHarmony-v5.0.3-Releasearkui_ace_engine5.0.3.x CVE-2025-23235arkcompiler_ets_runtime越界读漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasearkcompiler_ets_runtime5.0.3.x CVE-2025-25217arkui_ace_engine空指针解引用漏洞本地攻击者可造成DOS低危3.3OpenHarmony-v5.0.3-Releasearkui_ace_engine5.0.3.x CVE-2025-24493kernel_liteos_a条件竞争漏洞本地攻击者可造成敏感信息泄露中危5.5OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x CVE-2025-27131kernel_liteos_m不当输入验证漏洞本地攻击者可造成DOS中危6.1OpenHarmony-v5.0.3-Releasekernel_liteos_m5.0.3.x CVE-2025-26691电话服务模块权限绕过漏洞本地攻击者可造成敏感信息泄露中危5.5OpenHarmony-v5.0.3-Releasetelephony_call_manager5.0.3.x CVE-2025-26693security_access_token权限绕过漏洞本地攻击者可造成敏感信息泄露低危3.3OpenHarmony-v5.0.3-Releasesecurity_access_token5.0.3.x CVE-2025-27563security_access_token权限绕过漏洞本地攻击者可造成敏感信息泄露低危3.3OpenHarmony-v5.0.3-Releasesecurity_access_token5.0.3.x CVE-2025-27242安全组件管理模块不当输入验证本地攻击者可造成敏感信息泄露低危3.3OpenHarmony-v5.0.3-Releasesecurity_security_component_manager5.0.3.x CVE-2025-27247剪切板模块权限绕过漏洞本地攻击者可造成敏感信息泄露中危5.5OpenHarmony-v5.0.3-Releasedistributeddatamgr_pasteboard5.0.3.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2025-21814中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21806中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21728中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21719无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21683中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2025-21648无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-58017无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57980中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57977低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57913中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57888无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-57884无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-35965无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2024-27398中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2023-53028中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49651无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x CVE-2022-49632中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2025年06月[5.0.3.x]

1 0