- Security-bulletin - lists.openatom.io

2024年11月安全公告
by 王晨 05 Nov '24

05 Nov '24

发布于2024.11.05 备注：OpenHarmony-v4.0-Release分支已停止维护，后续这个分支的安全漏洞不再维护，详情参见： OpenHarmony 4.0-Release分支停止维护公告 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2024-47797liteos_a内核越界写漏洞本地攻击者可通过本漏洞获取root权限8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-47404liteos_a内核内存二次释放漏洞本地攻击者可通过本漏洞获取root权限8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-47137liteos_a内核越界写漏洞本地攻击者可通过本漏洞获取root权限8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-47402liteos_a内核越界读漏洞本地攻击者可通过本漏洞造成DOS3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-8088高危7.5third_party_pythonOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-45028中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-45006中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-44987高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43892中危4.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43884中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43882高危7.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43871中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43856中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43853中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43828中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42312中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-42305高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42304中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-42302高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42283中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42276中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42271高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42106中危4.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52889中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52623中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52615中危4.4kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52622中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52616中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52886中危6.4kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52679中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52898中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-44969高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-52635中危4.4kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2023-7013中危4.3web_webviewOpenHarmony-v4.1-Release4.1.x 4.1.x CVE-2023-7012低危2.7web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.0.x 4.1.x 4.1.x CVE-2023-7011中危4.3web_webviewOpenHarmony-v4.1-Release4.1.x CVE-2023-7010低危2.7web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-6777中危4.3web_webviewOpenHarmony-v4.1-Release4.1.x CVE-2024-6778低危3.1web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-3172高危8.8web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-3175中危6.3web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-6996低危3.1web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.0.x 4.1.x 4.1.x CVE-2024-7004中危6.3web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-6989中危6.3web_webviewOpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-6119高危7.5third_party_opensslOpenHarmony-v4.0-Release4.0.x CVE-2024-42292中危3.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-43834中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-44952中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-46798高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-45018中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2024年11月[4.1.x] [4.0.x]

1 0

2024年10月安全公告
by 王晨 08 Oct '24

08 Oct '24

发布于2024.10.08 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2024-43696liteos_a内核内存泄露漏洞本地攻击者可通过本漏洞造成DOS3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-43697liteos_a内核入参检测不完善漏洞本地攻击者可通过本漏洞造成DOS3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-45382liteos_a内核越界写漏洞本地攻击者可通过本漏洞造成DOS3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-39806liteos_a内核越界读漏洞本地攻击者可通过本漏洞造成信息泄露5.5OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-39831访问控制模块释放后使用漏洞本地攻击者取得高权限后可通过本漏洞造成任意代码执行4.4OpenHarmony-v4.1-Releasesecurity_access_token4.1.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-42236中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42232中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42229中危4.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42226中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42161高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42160高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42154高危7.3kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42115中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42114中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42084中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42082中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-42068中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-41098中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-41087高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-41072中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-41063中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-41041低危2.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-41035中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-41020中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-41012高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-40971低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-40961中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-40960中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-40959中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-40942低危2.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-40912中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-40905中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-39509低危2.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-39501中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-38615低危3.3kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-36031致命9.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35947中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35884中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35235中危4.4third_party_cupsOpenHarmony-v4.1-Release4.1.x CVE-2024-26984中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26966中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52672高危7.0kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5496中危6.3web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5843中危6.5web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-3168高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5840中危6.5web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5839中危6.5web_webviewOpenHarmony-v4.1-Release4.1.x CVE-2024-7000中危6.3web_webviewOpenHarmony-v4.1-Release4.1.x CVE-2024-3170高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-5846高危8.8web_webviewOpenHarmony-v4.1-Release4.1.x CVE-2024-5844高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-6291中危4.3web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5499中危4.3web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-6992中危6.3web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2024年10月[4.1.x] [4.0.x]

1 0

2024年9月安全公告
by 王晨 02 Sep '24

02 Sep '24

发布于2024.09.02 CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接 CVE-2024-28044liteos_a整数溢出漏洞本地攻击者可通过本漏洞造成crash3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-41157liteos_a释放后使用漏洞本地攻击者可通过本漏洞获取root权限8.8OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-38386方舟eTS运行时越界读写漏洞本地攻击者通过本漏洞可在预装应用中执行代码8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasearkcompiler_ets_runtime4.0.x 4.1.x CVE-2024-39816方舟eTS运行时越界写漏洞本地攻击者通过本漏洞可在预装应用中执行代码8.4OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasearkcompiler_ets_runtime4.0.x 4.1.x CVE-2024-39775网络管理权限绕过漏洞远程攻击者可通过本漏洞造成信息泄露6.5OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasecommunication_netmanager_base4.0.x 4.1.x CVE-2024-41160liteos_a内核释放后使用漏洞本地攻击者可通过本漏洞获取root权限8.8OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x CVE-2024-38382元能力权限绕过漏洞本地攻击者可通过本漏洞造成信息泄露5.5OpenHarmony-v4.0-Releaseability_ability_runtime4.0.x CVE-2024-39612后台任务管理权限绕过漏洞本地攻击者可通过本漏洞造成信息泄露5.5OpenHarmony-v4.0-Releaseresourceschedule_background_task_mgr4.0.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-41009中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-41007低危3.3kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39495高危7.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39475中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39472中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39467低危2.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-39276中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38780中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38601中危5.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38596中危5.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38588高危7.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38577高危8.0kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-38564中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36971高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36489中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36286中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36270中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-34459中危5.5third_party_libxml2OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-34027中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-25739中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-24863中危5.3kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-24858中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-24857中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-22099中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52791中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52498中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x 4.0.x 4.0.x 4.0.x 4.0.x CVE-2022-48810中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2022-48809中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2022-48805低危3.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2022-48804中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2021-47582中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5498中危6.3web_webviewOpenHarmony-v4.1-Release4.1.x CVE-2024-5497低危0.0web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5535中危5.9third_party_opensslOpenHarmony-v4.1-Release4.1.x CVE-2024-5841高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5847高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-24860中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26585中危4.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2024年09月[4.1.x] [4.0.x]

1 0

2024年8月安全公告
by 王晨 06 Aug '24

06 Aug '24

发布于2024.08.06 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-3914低危3.6web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.0.x 4.1.x CVE-2024-3843低危2.7web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-3841低危2.7web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-4671致命9.6web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-4603中危5.3third_party_opensslOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-4761高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-5274高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-4947高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-3840低危2.7web_webviewOpenHarmony-v4.1-Release4.1.x 4.1.x 4.1.x CVE-2024-4331低危3.1web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.1.x CVE-2024-4558低危3.1web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5158低危2.7web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-3845低危2.7web_webviewOpenHarmony-v4.1-Release4.1.x 4.1.x CVE-2024-35807中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35978中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35950中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-27431中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35815低危3.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5159中危4.7web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-5157低危0.0web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36941中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36940中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36939中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36938中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36929中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36905中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36904高危7.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36903中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36902中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36901中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36899高危7.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36883低危3.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36017低危3.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-36008中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35997中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35984中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35969中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35962中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35955中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35910中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35904中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35896低危2.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35822低危3.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35789中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-35785中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-28182中危5.3third_party_nghttp2OpenHarmony-v4.0-Release4.0.x CVE-2024-27417中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-27414中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-27399中危5.3kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-27013中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26934高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26805低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26801低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26735低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26733低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26601中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52881低危3.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52879低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52869低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52868低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52845中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52835低危3.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52832低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52803中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52781低危3.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52756低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52739低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52730中危4.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52462中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52454中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2021-47469低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。安全补丁标签链接 2024年08月[4.1.x] [4.0.x]

1 0

2024年7月安全公告
by 王晨 02 Jul '24

02 Jul '24

发布于2024.07.02 CVE漏洞描述漏洞影响严重程度受影响的版本受影响的仓库修复链接 CVE-2024-31071方舟eTS运行时类型混淆漏洞本地攻击者通过本漏洞造成app crash低危OpenHarmony-v4.0-Releasarkcompiler_ets_runtime4.0.x CVE-2024-37030方舟eTS运行时释放后使用漏洞远程攻击者通过本漏洞可在任意应用中执行代码高危OpenHarmony-v4.0-Releasarkcompiler_ets_frontend4.0.x CVE-2024-36243方舟eTS运行时跨界内存读漏洞远程攻击者通过本漏洞可在任意应用中执行代码高危OpenHarmony-v4.0-Releasarkcompiler_ets_runtime4.0.x CVE-2024-36278方舟eTS运行时类型混淆漏洞本地攻击者通过本漏洞造成app crash低危OpenHarmony-v4.0-Releasarkcompiler_ets_runtime4.0.x CVE-2024-36260方舟eTS运行时跨界内存写漏洞远程攻击者通过本漏洞可在任意应用中执行代码高危OpenHarmony-v4.0-Releasarkcompiler_ets_runtime4.0.x CVE-2024-37185方舟eTS运行时跨界内存写漏洞远程攻击者通过本漏洞可在任意应用中执行代码高危OpenHarmony-v4.0-Releasarkcompiler_ets_runtime4.0.x CVE-2024-37077方舟eTS运行时跨界内存写漏洞远程攻击者通过本漏洞可在任意应用中执行代码高危OpenHarmony-v4.0-Releasarkcompiler_ets_runtime4.0.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本 CVE严重程度CVSS 3.1 得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2021-47474高危8.0kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2021-47479高危7.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2021-47483高危7.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2021-47485高危8.0kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2021-47506高危7.1kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2021-47521高危8.0kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2022-48655高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2023-52467中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26602中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26852中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26862中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26883高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26884高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26885高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26901中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26903中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-26923低危2.6kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-27004中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-27038低危2.7kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-31755中危5.5third_party_cJSONOpenHarmony-v4.0-Release4.0.x 请在合入当月及之前全部已公开安全补丁之后，参考如下各维护版本的安全补丁标签更新方法，更新安全补丁标签至07月。对应维护版本安全补丁修改方式参考链接 4.1.xhttps://gitee.com/openharmony/startup_init/pulls/2895 4.0.xhttps://gitee.com/openharmony/startup_init/pulls/2894

1 0

2024年6月安全公告
by 王晨 04 Jun '24

04 Jun '24

发布于2024.06.04 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本 CVE严重程度CVSS 3.1 得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-39417低危3.5third_party_mbedtlsOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x CVE-2024-2478中危4.9third_party_wpa_supplicantOpenHarmony-v4.0-Release4.0.x 4.1.x CVE-2024-2398高危7.5third_party_curlOpenHarmony-v4.1-Release4.1.x CVE-2024-2004中危5.3third_party_curlOpenHarmony-v4.1-Release4.1.x CVE-2024-0450中危6.2third_party_pythonOpenHarmony-v4.0-Release4.0.x CVE-2023-6597高危7.8third_party_pythonOpenHarmony-v4.0-Release4.0.x CVE-2023-52474高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52160中危6.5third_party_wpa_supplicantOpenHarmony-v4.0-Release4.0.x CVE-2022-21499中危6.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2022-2078中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2022-1012高危8.2kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2022-0854中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2021-4001中危4.1kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2021-33655中危6.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-1059高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-1283高危9.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-0810高危7.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-0808中危4.3web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-2625高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-1672中危6.1web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-0519高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-0224高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x 4.0.x CVE-2024-1676中危4.3web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-0223高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-1670高危8.6web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-0333中危5.3web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-1077高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-0518高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-0222高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-0807高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x 4.0.x CVE-2024-3157高危8.1web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-3839中危6.5web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x CVE-2024-3516高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-3837高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2024-3159高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-5480中危6.1web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-6347高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-6703高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-6345高危9.6web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-6112高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-5482高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x 4.0.x 4.0.x CVE-2023-7024高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-6510高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-6508高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-5997高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-6705高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-6702高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x CVE-2023-5996高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x 请在合入当月及之前全部已公开安全补丁之后，参考如下各维护版本的安全补丁标签更新方法，更新安全补丁标签至06月。对应维护版本安全补丁修改方式参考链接 4.1.xhttps://gitee.com/openharmony/startup_init/pulls/2809 4.0.xhttps://gitee.com/openharmony/startup_init/pulls/2808

1 0

2024年5月安全公告
by 王晨 07 May '24

07 May '24

发布于2024.05.07 备注：OpenHarmony 3.2-Release分支已停止维护，后续该分支的安全漏洞也不再维护，详情参见： OpenHarmony 3.2-Release分支停止维护公告 CVE漏洞描述漏洞影响严重程度受影响的版本受影响的仓库修复链接 CVE-2024-27217MSDP释放后使用漏洞本地攻击者通过本漏洞可在预装应用中执行任意代码中危OpenHarmony-v4.0-Releasemsdp_device_status4.0.x CVE-2024-23808Ark编译器前端越界读漏洞本地攻击者通过本漏洞可在预装应用中执行任意代码中危OpenHarmony-v4.0-Releasearkcompiler_ets_frontend4.0.x CVE-2024-31078蓝牙服务释放后使用漏洞本地攻击者通过本漏洞造成服务crash低危OpenHarmony-v4.0-Releasecommunication_bluetooth_service4.0.x CVE-2024-3757Ark运行时整数溢出漏洞本地攻击者通过本漏洞造成应用crash低危OpenHarmony-v4.0-Releasearkcompiler_ets_runtime4.0.x CVE-2024-3758Hmdfs堆溢出漏洞本地攻击者通过本漏洞可在TCB中执行任意代码中危OpenHarmony-v4.0-Releasekernel_linux_5.104.0.x CVE-2024-3759Hmdfs释放后使用漏洞本地攻击者通过本漏洞可在TCB中执行任意代码中危OpenHarmony-v4.0-Releasekernel_linux_5.104.0.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本 CVE严重程度CVSS 3.1 得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-26614中危5.3kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26606低危3.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26589高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-6176中危4.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-6121中危4.3kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52492中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52486中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52444高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52443中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52438高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52435中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-51779中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2021-46945中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2021-33631高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x 请在合入当月及之前全部已公开安全补丁之后，参考如下各维护版本的安全补丁标签更新方法，更新安全补丁标签至05月。对应维护版本安全补丁修改方式参考链接 4.0.xhttps://gitee.com/openharmony/startup_init/pulls/2728

1 0

2024年4月安全公告
by 王晨 02 Apr '24

02 Apr '24

发布于2024.04.02 CVE漏洞描述漏洞影响严重程度受影响的版本受影响的仓库修复链接 CVE-2024-21834Arkui类型混淆漏洞本地攻击者通过本漏洞造成app crash低危OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasearkui_ace_engine3.2.x CVE-2024-22177Audio权限管理不当漏洞本地攻击者通过本漏洞造成app crash低危OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasemultimedia_audio_framework3.2.x CVE-2024-22098AVSession释放后使用漏洞本地攻击者通过本漏洞可在任意应用中执行代码中危OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasemultimedia_av_session3.2.x CVE-2024-22180Camera释放后使用漏洞本地攻击者通过本漏洞造成DOS低危OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Releasemultimedia_camera_framework3.2.x 4.0.x CVE-2024-29074Telephony入参检测不完善漏洞本地攻击者通过本漏洞可在任意应用中执行代码中危OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasetelephony_cellular_call3.2.x 3.2.x CVE-2024-22092包管理权限管理不当漏洞远程攻击者通过本漏洞绕过管控安装应用, 但需要本地用户的交互高危OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasebundlemanager_bundle_framework3.2.x CVE-2024-24581方舟eTS运行时越界写漏洞本地攻击者通过本漏洞可在任意应用中执行代码中危OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Releasearkcompiler_ets_runtime3.2.x 4.0.x CVE-2024-28226文件系统入参检测不完善漏洞远程攻击者通过本漏洞造成DOS高危OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Releasekernel_linux_5.103.2.x 4.0.x CVE-2024-28951方舟eTS运行时释放后使用漏洞本地攻击者通过本漏洞可在预装应用中执行代码中危OpenHarmony-v4.0-Releasearkcompiler_ets_runtime4.0.x CVE-2024-29086方舟eTS运行时栈溢出漏洞本地攻击者通过本漏洞造成DOS低危OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasearkcompiler_ets_runtime3.2.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本 CVE严重程度CVSS 3.1 得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-0641中危5.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2022-48619中危5.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-39197中危4.0kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0584中危5.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-46343中危5.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-23851中危5.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-23850中危5.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-23849中危5.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0639中危5.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0775高危7.1kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-51043高危7.0kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-52340高危7.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-46838高危7.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2022-2503中危6.7kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2014-0069高危8.4kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-1086高危7.8kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2015-5157高危8.4kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2021-46958高危7.8kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-25062高危7.5third_party_libxml2OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-24806致命9.8third_party_libuvOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-22195中危6.1third_party_jinja2OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0814中危6.5third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0810中危4.3third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-6040高危7.8kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x 请在合入当月及之前全部已公开安全补丁之后，参考如下各维护版本的安全补丁标签更新方法，更新安全补丁标签至04月。对应维护版本安全补丁修改方式参考链接 3.2.xhttps://gitee.com/openharmony/startup_init/pulls/2633 4.0.xhttps://gitee.com/openharmony/startup_init/pulls/2632

1 0

2024年3月安全公告
by 王晨 04 Mar '24

04 Mar '24

发布于2024.03.04 CVE漏洞描述漏洞影响CVSS3.1得分受影响的版本受影响的仓库修复链接 CVE-2023-25176剪切板越界读漏洞本地攻击者通过本漏洞造成信息泄露2.9OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasedistributeddatamgr_pasteboard3.2.x CVE-2023-46708WLAN UAF漏洞本地攻击者通过本漏洞可在任意应用中执行代码4.3OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasecommunication_wifi3.2.x CVE-2023-49602Arkui 类型混淆漏洞本地攻击者通过本漏洞造成应用崩溃2.9OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasearkui_ace_engine3.2.x 3.2.x CVE-2024-21816后台任务管理权限管理不当漏洞本地攻击者通过本漏洞绕过鉴权访问数据4.0OpenHarmony-v4.0-Releaseresourceschedule_background_task_mgr4.0.x CVE-2024-21826密钥管理敏感信息泄露漏洞近场攻击者通过本漏洞造成敏感信息泄露4.3OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasesecurity_huks3.2.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本 CVE严重程度CVSS 3.1 得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-0519高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0518高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0333中危5.3third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0224高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0223高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2024-0222高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-7192中危4.4kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-7024高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-6531高危7.0kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-6112高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-5997高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-5996高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-5849高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-5717高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-5482高危8.8third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-5480中危6.1third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-51782中危4.6kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-51781中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-51780中危4.6kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x CVE-2023-45897致命9.1third_party_exfatprogsOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release3.2.x CVE-2022-46908高危7.3third_party_sqliteOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release3.2.x CVE-2021-44879中危5.5kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release4.0.x 3.2.x 请在合入当月及之前全部已公开安全补丁之后，参考如下各维护版本的安全补丁标签更新方法，更新安全补丁标签至03月。对应维护版本安全补丁修改方式参考链接 3.2.xhttps://gitee.com/openharmony/startup_init/pulls/2550 4.0.xhttps://gitee.com/openharmony/startup_init/pulls/2549

1 0

2024年2月安全公告
by 王晨 02 Feb '24

02 Feb '24

发布于2024.02.02 CVE漏洞描述漏洞影响CVSS3.1得分受影响的版本受影响的仓库修复链接 CVE-2023-49118软总线越界读漏洞本地攻击者通过本漏洞造成信息泄露2.9OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasecommunication_dsoftbus3.2.x CVE-2023-43756软总线越界读漏洞本地攻击者通过本漏洞造成信息泄露2.9OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasecommunication_dsoftbus3.2.x CVE-2023-45734软总线越界写漏洞近场攻击者通过本漏洞执行代码4.2OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Releasecommunication_dsoftbus3.2.x CVE-2024-21860软总线释放后使用漏洞近场攻击者通过本漏洞在任意应用中执行代码8.2OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Releasecommunication_dsoftbus3.2.x 4.0.x CVE-2024-21845软总线整数溢出漏洞近场攻击者通过本漏洞造成堆溢出2.9OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Releasecommunication_dsoftbus3.2.x 4.0.x CVE-2024-21851软总线整数溢出漏洞近场攻击者通过本漏洞造成堆溢出2.9OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Releasecommunication_dsoftbus3.2.x 4.0.x CVE-2024-21863软总线数据校验不完善的漏洞近场攻击者通过本漏洞造成DOS4.7OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Releasecommunication_dsoftbus3.2.x 4.0.x CVE-2024-0285软总线未判断数据长度的漏洞近场攻击者通过本漏洞造成DOS4.7OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Releasecommunication_ipc3.2.x 4.0.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本 CVECVSS 3.1 得分严重程度受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2023-56785.3中危third_party_opensslOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release3.2.x CVE-2023-444298.8高危third_party_gstreamerOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release3.2.x CVE-2023-444468.8高危third_party_gstreamerOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release3.2.x CVE-2023-65108.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-63459.6致命third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-63478.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-65088.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-68177.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-69317.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-69327.0高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-350017.8高危kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-71047.3高危third_party_sqliteOpenHarmony-v4.0-Release4.0.x CVE-2023-67058.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-67028.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x CVE-2023-67038.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release3.2.x 4.0.x 请在合入当月及之前全部已公开安全补丁之后，参考如下各维护版本的安全补丁标签更新方法，更新安全补丁标签至02月。对应维护版本安全补丁修改方式参考链接 3.2.xhttps://gitee.com/openharmony/startup_init/pulls/2478 4.0.xhttps://gitee.com/openharmony/startup_init/pulls/2481

1 0