07 Feb '23
Security Vulnerabilities in February 2023
Published 2022.02.07
Last updated 2022.02.07

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS 3.1 base score | Affected versions | Affected repositories | Fix links | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2023-0201 | CVE-2023-0083 | The ArkUI framework subsystem does not type-check its input parameters, leading to type confusion and access to invalid memory. | An attacker can launch a local attack that crashes the current application. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | arkui_ace_engine | 3.1.x <https://gitee.com/openharmony/arkui_ace_engine/pulls/8872>; 3.0.x <https://gitee.com/openharmony/arkui_ace_engine/pulls/8877> | Reported by researchers |
| OpenHarmony-SA-2023-0202 | CVE-2023-22301 | The hmdfs component of the kernel subsystem has an arbitrary out-of-bounds kernel memory read vulnerability. | An attacker can launch a remote attack to obtain kernel memory data from the target system. | 6.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/656> | Reported by researchers |
| OpenHarmony-SA-2023-0203 | CVE-2023-22436 | The check_permission_for_set_tokenid function in the kernel subsystem has a use-after-free (UAF) vulnerability. | A local attacker can exploit this vulnerability to escalate privileges and obtain root. | 7.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/598> | Reported by researchers |
The following are third-party library vulnerabilities; only the CVE, severity and affected OpenHarmony versions are provided. For details, see the third-party advisories.

| CVE | Severity | Affected OpenHarmony versions | Fix links |
|---|---|---|---|
| CVE-2022-2347 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/third_party_u-boot/pulls/62>; 3.0.x <https://gitee.com/openharmony/third_party_u-boot/pulls/63> |
| CVE-2022-4135 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-4186 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-4438 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-4437 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-4436 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-41218 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> |
| CVE-2022-3424 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> |
| CVE-2022-4129 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-42328 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> |
| CVE-2022-3643 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> |
| CVE-2022-3105 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3104 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3115 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3113 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3112 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3111 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/584>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/585> |
| CVE-2022-3108 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-3107 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/590>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/591> |
| CVE-2022-3106 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/592>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/593> |
| CVE-2022-47519 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-43551 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/99>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/100>; 1.1.x <https://gitee.com/openharmony/third_party_curl/pulls/101> |
| CVE-2022-43552 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/99>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/100>; 1.1.x <https://gitee.com/openharmony/third_party_curl/pulls/101> |
| CVE-2022-47518 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-47520 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-47521 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-3109 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_ffmpeg/pulls/71>; 3.0.x <https://gitee.com/openharmony/third_party_ffmpeg/pulls/72>; 1.1.x <https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/18> |
| CVE-2022-4662 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/608>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/609> |
| CVE-2022-3890 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-20568 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/629>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/630> |
Security Vulnerabilities in February 2023
Published February 7, 2023
Updated February 7, 2023

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS 3.1 base score | Affected versions | Affected projects | Fix link | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2023-0201 | CVE-2023-0083 | The ArkUI framework subsystem does not type-check its input parameters, causing type confusion and invalid memory access. | Local attackers can exploit this vulnerability by sending malicious data, causing the current application to crash. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | arkui_ace_engine | 3.1.x <https://gitee.com/openharmony/arkui_ace_engine/pulls/8872>; 3.0.x <https://gitee.com/openharmony/arkui_ace_engine/pulls/8877> | Reported by researchers |
| OpenHarmony-SA-2023-0202 | CVE-2023-22301 | The hmdfs component of the kernel subsystem has an arbitrary memory access vulnerability. | Network attackers can launch a remote attack to obtain kernel memory data of the target system. | 6.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/656> | Reported by researchers |
| OpenHarmony-SA-2023-0203 | CVE-2023-22436 | The kernel subsystem function check_permission_for_set_tokenid has a use-after-free (UAF) vulnerability. | Local attackers can exploit this vulnerability to escalate privileges to root. | 7.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/598> | Reported by researchers |
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
|---|---|---|---|
| CVE-2022-2347 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/third_party_u-boot/pulls/62>; 3.0.x <https://gitee.com/openharmony/third_party_u-boot/pulls/63> |
| CVE-2022-4135 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-4186 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-4438 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-4437 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-4436 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-41218 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> |
| CVE-2022-3424 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> |
| CVE-2022-4129 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-42328 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> |
| CVE-2022-3643 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> |
| CVE-2022-3105 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3104 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3115 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3113 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3112 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> |
| CVE-2022-3111 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/584>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/585> |
| CVE-2022-3108 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-3107 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/590>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/591> |
| CVE-2022-3106 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/592>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/593> |
| CVE-2022-47519 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-43551 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/99>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/100>; 1.1.x <https://gitee.com/openharmony/third_party_curl/pulls/101> |
| CVE-2022-43552 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/99>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/100>; 1.1.x <https://gitee.com/openharmony/third_party_curl/pulls/101> |
| CVE-2022-47518 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-47520 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-47521 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-3109 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_ffmpeg/pulls/71>; 3.0.x <https://gitee.com/openharmony/third_party_ffmpeg/pulls/72>; 1.1.x <https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/18> |
| CVE-2022-4662 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/608>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/609> |
| CVE-2022-3890 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/546> |
| CVE-2022-20568 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/629>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/630> |
04 Jan '23
Security Vulnerabilities in January 2023
Published 2022.01.03
Last updated 2022.01.03

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS 3.1 base score | Affected versions | Affected repositories | Fix links | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2023-0101 | CVE-2023-0035 | softbus_client_stub in the softbus component of the communication subsystem has a verification bypass vulnerability that allows an SA relay attack. | An attacker can launch a local attack to bypass verification and then escalate privileges to attack other SAs. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | 3.0.x <https://gitee.com/openharmony/communication_dsoftbus/pulls/2140> | Reported by the project team |
| OpenHarmony-SA-2023-0102 | CVE-2023-0036 | platform_callback_stub in the input method component of the misc subsystem has a verification bypass vulnerability that allows an SA relay attack. | An attacker can launch a local attack to bypass verification and then escalate privileges to attack other SAs. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | inputmethod_imf | 3.0.x <https://gitee.com/openharmony/inputmethod_imf/pulls/228> | Reported by the project team |
The following are third-party library vulnerabilities; only the CVE, severity and affected OpenHarmony versions are provided. For details, see the third-party advisories.

| CVE | Severity | Affected OpenHarmony versions | Fix links |
|---|---|---|---|
| CVE-2021-3782 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.0.x <https://gitee.com/openharmony/third_party_wayland_standard/pulls/22> |
| CVE-2022-3046 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3041 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3040 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3039 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3038 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3057 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3195 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3054 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3075 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3373 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3370 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3311 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3316 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3315 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-43680 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/third_party_expat/pulls/23>; 3.0.x <https://gitee.com/openharmony/third_party_expat/pulls/22> |
| CVE-2022-32221 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/91>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/90> |
| CVE-2022-42916 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/91>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/90> |
| CVE-2022-42915 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/91>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/90> |
| CVE-2022-44638 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/third_party_pixman/pulls/11>; 3.0.x <https://gitee.com/openharmony/third_party_pixman/pulls/12> |
| CVE-2022-40284 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/third_party_ntfs-3g/pulls/33> |
| CVE-2022-40303 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/31>; 3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/32> |
| CVE-2022-40304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/31>; 3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/32> |
| CVE-2022-37454 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/35> |
| CVE-2022-42919 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/36> |
| CVE-2022-45061 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/37> |
| CVE-2020-10735 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/26> |
| CVE-2022-3169 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/561> |
| CVE-2022-42895 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/545> |
| CVE-2022-42896 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/545> |
| CVE-2022-41858 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/569>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/570> |
| CVE-2022-45934 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-4139 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/567>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/568> |
| CVE-2022-20566 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/582>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/583> |
| CVE-2022-4378 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
Security Vulnerabilities in January 2023
Published January 3, 2023
Updated January 3, 2023

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS 3.1 base score | Affected versions | Affected projects | Fix link | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2023-0101 | CVE-2023-0035 | softbus_client_stub in the communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and attack other SAs with high privilege. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | 3.0.x <https://gitee.com/openharmony/communication_dsoftbus/pulls/2140> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2023-0102 | CVE-2023-0036 | platform_callback_stub in the misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack". | Local attackers can bypass authentication and attack other SAs with high privilege. | 6.5 | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | inputmethod_imf | 3.0.x <https://gitee.com/openharmony/inputmethod_imf/pulls/228> | Reported by OpenHarmony Team |
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
|---|---|---|---|
| CVE-2021-3782 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.0.x <https://gitee.com/openharmony/third_party_wayland_standard/pulls/22> |
| CVE-2022-3046 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3041 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3040 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3039 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3038 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3057 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3195 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3054 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3075 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/349> |
| CVE-2022-3373 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3370 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3311 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3316 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3315 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-3304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/464> |
| CVE-2022-43680 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/third_party_expat/pulls/23>; 3.0.x <https://gitee.com/openharmony/third_party_expat/pulls/22> |
| CVE-2022-32221 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/91>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/90> |
| CVE-2022-42916 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/91>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/90> |
| CVE-2022-42915 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/91>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/90> |
| CVE-2022-44638 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/third_party_pixman/pulls/11>; 3.0.x <https://gitee.com/openharmony/third_party_pixman/pulls/12> |
| CVE-2022-40284 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/third_party_ntfs-3g/pulls/33> |
| CVE-2022-40303 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/31>; 3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/32> |
| CVE-2022-40304 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/third_party_libxml2/pulls/31>; 3.0.x <https://gitee.com/openharmony/third_party_libxml2/pulls/32> |
| CVE-2022-37454 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/35> |
| CVE-2022-42919 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/36> |
| CVE-2022-45061 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/37> |
| CVE-2020-10735 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/26> |
| CVE-2022-3169 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/561> |
| CVE-2022-42895 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/545> |
| CVE-2022-42896 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/545> |
| CVE-2022-41858 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/569>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/570> |
| CVE-2022-45934 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
| CVE-2022-4139 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/567>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/568> |
| CVE-2022-20566 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/582>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/583> |
| CVE-2022-4378 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> |
06 Dec '22
Security Vulnerabilities in December 2022
Published December 6, 2022
Last updated December 6, 2022
Vulnerability ID
Related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS 3.1 Base Score
Affected Versions
Affected Projects
Fix Link
Reference
OpenHarmony-SA-2022-1201
CVE-2022-45877
PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.
Network attackers can bypass the authentication, which reduces the difficulty of man-in-the-middle attacks.
8.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
distributedhardware_device_manager
applications_hap
security_device_auth
3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915>
3.1.x<https://gitee.com/openharmony/applications_hap/pulls/1364>
3.1.x<https://gitee.com/openharmony/security_device_auth/pulls/351>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1202
CVE-2022-41802
The kernel subsystem in kernel_liteos_a has a kernel stack information leak in the SysClockGetres system call.
Four bytes of compiler-added padding on the kernel stack are incorrectly copied to user space, leaking 4 bytes of kernel stack contents to a local attacker.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS
kernel_liteos_a
3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>
Reported by Researchers
OpenHarmony-SA-2022-1203
CVE-2022-45126
The kernel subsystem in kernel_liteos_a has a kernel stack information leak in the SysClockGettime system call.
Four bytes of compiler-added padding on the kernel stack are incorrectly copied to user space, leaking 4 bytes of kernel stack contents to a local attacker.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS
kernel_liteos_a
3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>
Reported by Researchers
OpenHarmony-SA-2022-1204
CVE-2022-43662
The kernel subsystem in kernel_liteos_a has a kernel stack information leak in the SysTimerGettime system call.
Four bytes of compiler-added padding on the kernel stack are incorrectly copied to user space, leaking 4 bytes of kernel stack contents to a local attacker.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS
kernel_liteos_a
3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>
Reported by Researchers
OpenHarmony-SA-2022-1205
CVE-2022-44455
The appspawn and nwebspawn services have a buffer overflow vulnerability due to insufficient input validation.
An unprivileged malicious application could gain code execution within any application installed on the device or cause an application crash.
6.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
startup_appspawn
3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>
3.0.x<https://gitee.com/openharmony/startup_appspawn/pulls/426>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1206
CVE-2022-45118
The telephony component of the communication subsystem sends public events containing personal data without setting a permission on them.
Malicious apps could listen for these public events and obtain information such as mobile numbers and SMS data without holding any permission.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
telephony_state_registry
telephony_sms_mms
3.1.x<https://gitee.com/openharmony/telephony_state_registry/pulls/224>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/615>
Reported by OpenHarmony Team
The following table lists third-party library vulnerabilities, with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.
CVE
Severity
Affected OpenHarmony Versions
Fix Link
CVE-2022-20422
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-3303
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-42703
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-41222
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-3239
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-20423
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-41850
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-3586
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3625
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-42432
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3633
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3635
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3629
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3623
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3646
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3621
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3567
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-43750
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3545
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3523
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-2602
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3628
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-40768
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3566
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3577
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3606
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3649
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3564
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-20409
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-41849
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-20421
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3435
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42719
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42720
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42721
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42722
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-41674
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3535
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3521
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3524
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3534
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3542
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
CVE-2022-3565
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3594
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
01 Nov '22
2022年11月安全漏洞
发布于2022.11.1
最后更新于2022.11.11
漏洞编号
相关漏洞
漏洞描述
漏洞影响
CVSS3.1基础得分
受影响的版本
受影响的仓库
修复链接
参考链接
OpenHarmony-SA-2022-1101
CVE-2022-43451
启动子系统appspawn和nwebspawn服务存在路径穿越漏洞。
攻击者可在本地发起攻击,造成任意路径穿越,可穿越沙箱。如果结合其他漏洞可进一步获取root权限。
8.4
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
startup_appspawn
3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>
本项目组上报
OpenHarmony-SA-2022-1102
CVE-2022-43449
download_server存在任意文件读取漏洞。
攻击者可在本地发起攻击,读取文件系统上任意可被download_server访问的文件。
6.2
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
request_request
3.1.x<https://gitee.com/openharmony/request_request/pulls/207>
本项目组上报
OpenHarmony-SA-2022-1103
CVE-2022-43495
distributedhardware_device_manage在设备组网过程中收到异常报文会导致设备重启。
攻击者可在局域网发起攻击,在设备组网过程中,发送恶意报文,可造成空指针解引用,设备重启。
6.5
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
distributedhardware_device_manager
3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/728>
Reported by the project team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, refer to the third-party advisories.
CVE
Severity
Affected OpenHarmony versions
Fix link
CVE-2022-2295
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2294
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-26373
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/461>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/495>
CVE-2022-23816
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-29901
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-29900
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-2481
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2480
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2478
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2477
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-30790
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/50>
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/49>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/86/files>
1.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/48>
CVE-2022-1462
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/449>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/490>
CVE-2022-1184
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/474>
3.0.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/475>
CVE-2022-2663
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-39190
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-39189
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-40674
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/20>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/19>
CVE-2022-3202
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>
CVE-2022-3199
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
Security Vulnerabilities in November 2022
published November 1, 2022
updated November 1, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-1101
CVE-2022-43451
Multiple path traversal in appspawn and nwebspawn services.
Local attackers can create arbitrary directories or escape the application sandbox. If chained with other vulnerabilities, it would allow an unprivileged process to gain full root privileges.
8.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
startup_appspawn
3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1102
CVE-2022-43449
Arbitrary file read via download_server.
Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to the download_server service, which runs with UID 1000.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
request_request
3.1.x<https://gitee.com/openharmony/request_request/pulls/207>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1103
CVE-2022-43495
An abnormal packet received while distributedhardware_device_manager is joining a network could cause a device reboot.
Network attackers can send an abnormal packet when joining a network, causing a nullptr dereference and a device reboot.
6.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
distributedhardware_device_manager
3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/728>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-2295
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2294
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-26373
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/461>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/495>
CVE-2022-23816
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-29901
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-29900
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-2481
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2480
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2478
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2477
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-30790
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/50>
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/49>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/86/files>
1.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/48>
CVE-2022-1462
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/449>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/490>
CVE-2022-1184
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/474>
3.0.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/475>
CVE-2022-2663
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-39190
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-39189
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-40674
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/20>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/19>
CVE-2022-3202
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>
CVE-2022-3199
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
Security Vulnerabilities in October 2022
published October 11, 2022
updated October 11, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-1001
CVE-2022-42488
Startup subsystem missed permission validation in param service.
Local attackers can install a malicious application on the device to elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.
8.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
startup_init_lite
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1104>
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1074>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1002
CVE-2022-42464
Kernel memory pool overwrite in the /dev/mmz_userdev device driver.
If processes with the system UID run on the device, local attackers would be able to mmap memory pools used by the kernel and overwrite them, which could be used to gain kernel code execution on the device, gain root privileges, or cause a device reboot.
6.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hi3516dv300
3.0.x<https://gitee.com/openharmony/device_board_hisilicon/pulls/135>
3.1.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1003
CVE-2022-41686
Out-of-bound memory read and write in /dev/mmz_userdev device driver.
If processes with the system user UID run on the device, local attackers would be able to write out-of-bounds memory, which could lead to unspecified memory corruption.
5.1
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hispark_taurus
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/287>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1004
CVE-2022-42463
Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function.
Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.
8.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
communication_dsoftbus
3.1.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2348>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-27405
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/32>
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/31>
1.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/30>
CVE-2022-2959
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2991
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2938
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/430>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/434>
CVE-2022-2586
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/427>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2588
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2585
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2503
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/431>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/435>
CVE-2022-20369
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-20368
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2639
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36123
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-36946
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36879
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2327
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-21505
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/368>
CVE-2021-33655
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2021-33656
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/437>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2861
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2860
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2613
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2612
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2610
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2607
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2606
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2624
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2623
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2620
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2619
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2617
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2616
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2615
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2614
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-35737
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_sqlite/pulls/38>
3.0.x<https://gitee.com/openharmony/third_party_sqlite/pulls/37>
CVE-2022-2415
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-1919
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-35252
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/86>
CVE-2022-3028
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2977
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2964
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-39188
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3078
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-2905
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-39842
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3061
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/443>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/444>
CVE-2021-29921
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/19>
CVE-2022-0391
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/23>
CVE-2021-3737
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/20>
CVE-2021-4189
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/21>
CVE-2021-3733
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/22>
CVE-2021-28861
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/24>
CVE-2022-40307
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>
11 Oct '22
Security Vulnerabilities in October 2022
Published on 2022.10.11
Last updated on 2022.10.11
Vulnerability ID
Related vulnerability
Vulnerability description
Vulnerability impact
CVSS3.1 base score
Affected versions
Affected repositories
Fix link
Reference
OpenHarmony-SA-2022-1001
CVE-2022-42488
The param service in the startup subsystem lacks permission validation.
An attacker can launch a local attack to gain root privileges, disable security features, or cause a DoS against any service.
8.4
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
startup_init_lite
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1104>
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1074>
Reported by the project team
OpenHarmony-SA-2022-1002
CVE-2022-42464
The dev/mmz_userdev driver has an illegal kernel memory mapping vulnerability.
An attacker can launch a local attack to illegally map memory and read and write it, which can escalate to root privileges or cause a device reboot. Exploiting this vulnerability requires the system UID.
6.7
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hi3516dv300
3.1.x<https://gitee.com/openharmony/device_board_hisilicon/pulls/135>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87>
Reported by the project team
OpenHarmony-SA-2022-1003
CVE-2022-41686
The dev/mmz_userdev driver has an out-of-bounds read/write vulnerability.
An attacker can launch a local attack to read and write memory addresses out of bounds, causing a memory leak or a crash. Exploiting this vulnerability requires the system UID.
5.1
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hispark_taurus
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/287>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127>
Reported by the project team
OpenHarmony-SA-2022-1004
CVE-2022-42463
A callback handler function in the softbus_server service of the communication subsystem has a vulnerability in which neither authentication nor encryption is required.
An attacker can launch an attack on a distributed network by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.
8.3
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
communication_dsoftbus
3.1.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2348>
本项目组上报
以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本,详细信息请参考三方公告。
CVE
严重程度
受影响的OpenHarmony版本
修复链接
CVE-2022-27405
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.0-release到OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/32>
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/31>
1.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/30>
CVE-2022-2959
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2991
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2938
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/430>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/434>
CVE-2022-2586
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/427>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2588
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2585
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2503
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/431>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/435>
CVE-2022-20369
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-20368
严重
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2639
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36123
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-36946
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36879
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2327
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-21505
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/368>
CVE-2021-33655
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2021-33656
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/437>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2861
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2860
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2613
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2612
低
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2610
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-2607 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2606 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2624 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2623 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2620 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2619 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2617 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2616 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2615 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2614 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-35737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x<https://gitee.com/openharmony/third_party_sqlite/pulls/38>; 3.0.x<https://gitee.com/openharmony/third_party_sqlite/pulls/37> |
| CVE-2022-2415 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35> |
| CVE-2022-1919 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35> |
| CVE-2022-35252 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS; OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS | 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/83>; 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/85>; 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/86> |
| CVE-2022-3028 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-2977 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-2964 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-39188 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-3078 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-2905 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-39842 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-3061 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/443>; 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/444> |
| CVE-2021-29921 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/19> |
| CVE-2022-0391 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/23> |
| CVE-2021-3737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/20> |
| CVE-2021-4189 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/21> |
| CVE-2021-3733 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/22> |
| CVE-2021-28861 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/24> |
| CVE-2022-40307 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>; 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464> |
OpenHarmony Security Vulnerabilities in September 2022
by OpenHarmony-CNA 06 Sep '22
Security Vulnerabilities in September 2022
Published on 2022.9.6
Last updated on 2022.9.6
| Bulletin ID | Related CVE | Description | Impact | CVSS 3.1 base score | Affected versions | Affected repository | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0901 | CVE-2022-36423 | A misconfiguration of the cJSON library leaves a stack overflow vulnerability in recursive parsing. | An attacker on the local network can mount a DoS attack against devices on that network and crash the process. | 7.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | third_party_cJSON | 3.1.x, 3.1.x, 3.0.x, 3.0.x, 1.1.x, 1.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0902 | CVE-2022-38081 | The tokensync system service in the security subsystem has a caller-permission-check bypass vulnerability. | An attacker on the local network can bypass distributed-call permission control. Exploiting this vulnerability requires an additional vulnerability that yields system privileges. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | security_access_token | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0903 | CVE-2022-38701 | The IPC interface of the distributed soft bus module in the communication subsystem has a heap memory disclosure vulnerability. | An attacker on the local network can bypass distributed-call permission control. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | 3.1.x, 3.0.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0904 | CVE-2022-38064 | The windowmanager system service has a caller-permission-check bypass vulnerability. | A local attacker can bypass the permission control mechanism and obtain sensitive device information. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | windowmanager | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0905 | CVE-2022-38700 | The camera service in the multimedia subsystem has a caller-permission-check bypass vulnerability. | An attacker on the local network can bypass the permission control mechanism and access the camera service. | 8.8 | OpenHarmony-v3.1-Release | multimedia_camera_standard | 3.1.x | Reported by OpenHarmony Team |
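The first entry above (OpenHarmony-SA-2022-0901, CVE-2022-36423) is a recursion-depth problem: a recursive-descent JSON parser descends once per nested array or object, so whoever controls the input controls the stack depth. cJSON does ship a compile-time ceiling for this (CJSON_NESTING_LIMIT, 1000 by default); the bulletin says only that the library was misconfigured, not how. The C++ below is an added example, not code from the bulletin or from OpenHarmony: a constant-stack pre-scan that measures nesting depth and rejects input over a budget before any recursive parser sees it. The budget kMaxJsonDepth, the DeepArray helper and both sample documents are assumptions constructed for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Deepest nesting this service will hand to a recursive-descent parser. cJSON's
// own compile-time default (CJSON_NESTING_LIMIT) is 1000; this value is an
// assumption for the example, sized to a thread stack rather than to the parser.
constexpr int kMaxJsonDepth = 128;

// Scan raw JSON text in constant stack space and return its maximum bracket
// nesting depth. Brackets inside string literals (including after backslash
// escapes) are ignored. Returns -1 if the text is malformed in a way the scan
// can see: a closer with no matching opener, an unterminated string, or
// openers left unclosed at the end.
int JsonMaxDepth(const std::string& text) {
    int depth = 0;
    int maxDepth = 0;
    bool inString = false;
    bool escaped = false;
    for (char c : text) {
        if (inString) {
            if (escaped) {
                escaped = false;
            } else if (c == '\\') {
                escaped = true;
            } else if (c == '"') {
                inString = false;
            }
            continue;
        }
        switch (c) {
            case '"':
                inString = true;
                break;
            case '[':
            case '{':
                if (++depth > maxDepth) maxDepth = depth;
                break;
            case ']':
            case '}':
                if (--depth < 0) return -1;
                break;
            default:
                break;
        }
    }
    return (inString || depth != 0) ? -1 : maxDepth;
}

// Gate to run on untrusted input before it reaches cJSON_Parse (or any other
// recursive parser): reject anything malformed or deeper than the budget.
bool JsonDepthOk(const std::string& text, int limit = kMaxJsonDepth) {
    int depth = JsonMaxDepth(text);
    return depth >= 0 && depth <= limit;
}

// Constructed input (not taken from the bulletin): `levels` nested empty arrays,
// the shape a hostile LAN peer would send to exhaust a recursive parser's stack.
std::string DeepArray(std::size_t levels) {
    return std::string(levels, '[') + std::string(levels, ']');
}

int main() {
    const std::string benign =
        R"({"id":1,"tags":["a","[not a bracket]"],"nested":{"x":[[1,2],[3]]}})";
    const std::string hostile = DeepArray(100000);
    std::printf("benign:  depth=%d accepted=%d\n", JsonMaxDepth(benign), JsonDepthOk(benign));
    std::printf("hostile: depth=%d accepted=%d\n", JsonMaxDepth(hostile), JsonDepthOk(hostile));
    return 0;
}
```

The scan is linear, allocates nothing and never recurses, so it is cheap to run on every message at the trust boundary. The limit belongs to the thread that parses, not to the library: on a small device the usable stack is far below what cJSON's default of 1000 levels would consume, which is why a service-side budget is worth having even when the library limit is configured correctly.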
The following are third-party library vulnerabilities; only the CVE, severity and affected OpenHarmony versions are given. For details, see the third-party advisories.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-34918 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-33981 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-33743 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33742 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33741 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33740 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-32981 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32296 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32250 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-29582 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-27666 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2022-26365 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-2380 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-2318 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-2153 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-21499 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-21166 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-21125 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-21123 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-20154 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-20153 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-20141 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-20132 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-20009 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2022-1998 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1975 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1972 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1852 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1836 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1789 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1652 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1508 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1205 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1204 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1198 | Medium | OpenHarmony-v3.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.1.x, 3.0.x |
| CVE-2022-0644 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-45868 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2021-4135 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2021-33061 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2021-28713 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-28712 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-28711 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-26401 | Medium | OpenHarmony-v3.1-Release | 3.1.x |
| CVE-2022-37434 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v1.1.1-LTS through OpenHarmony-v1.1.5-LTS | 3.1.x, 3.0.x, 1.1.x |
| CVE-2022-1587 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-1586 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2097 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2068 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30789 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30788 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30787 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30786 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30785 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30784 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30783 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2021-46790 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32215 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32213 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32212 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2097 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2021-46822 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2122 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1925 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1924 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1923 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1922 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1921 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1920 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-34835 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-30767 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-30552 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32208 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32207 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32206 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32205 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
Security Vulnerabilities in September 2022
Published September 6, 2022
Updated September 6, 2022
| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | CVSS 3.1 base score | Affected versions | Affected projects | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0901 | CVE-2022-36423 | Incorrect configuration of the cJSON library leads to a stack overflow vulnerability during recursive parsing. | LAN attackers can mount a DoS attack against all devices on the network. | 7.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | third_party_cJSON | 3.1.x, 3.1.x, 3.0.x, 3.0.x, 1.1.x, 1.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0902 | CVE-2022-38081 | Tokensync in the security subsystem has a permission bypass vulnerability. | LAN attackers can bypass the distributed permission control. To exploit this weakness, attackers need another vulnerability that grants system privileges. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | security_access_token | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0903 | CVE-2022-38701 | IPC in the communication subsystem has a heap overflow vulnerability. | Local attackers can trigger a heap overflow and obtain sensitive network information. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | 3.1.x, 3.0.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0904 | CVE-2022-38064 | windowmanager in the window subsystem has a permission bypass vulnerability. | Local attackers can bypass permission control and obtain sensitive information. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | windowmanager | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0905 | CVE-2022-38700 | The multimedia subsystem has a permission bypass vulnerability. | LAN attackers can bypass permission control and gain control of the camera service. | 8.8 | OpenHarmony-v3.1-Release | multimedia_camera_standard | 3.1.x | Reported by OpenHarmony Team |
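Three of the five entries above (tokensync, windowmanager and the camera service) are one bug class: a system service reachable over IPC that serves a request without first establishing who is asking, or that establishes it from data the client wrote. The C++ below is an added example, not code from the bulletin or from OpenHarmony, that puts the vulnerable shape of a request handler next to the hardened one. The request codes, the example.permission.* names, the TokenDb class and the token IDs 1001 and 2002 are constructed for the example; ohos.permission.CAMERA is a real OpenHarmony permission name. OpenHarmony's own calls for the two steps the hardened handler performs are IPCSkeleton::GetCallingTokenID() and AccessTokenKit::VerifyAccessToken(); the in-memory table stands in for them so the example compiles on its own.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <string>

// Request codes of a hypothetical system service. The window codes and their
// example.permission.* names are placeholders; only ohos.permission.CAMERA is a
// real OpenHarmony permission name.
enum class Code : uint32_t { GetWindowInfo = 1, SetWindowLayout = 2, OpenCamera = 3 };

enum class Result { Ok, Denied, UnknownCode };

// What a client writes into the parcel. The client controls every byte of this,
// so the claimedTokenId field is not an identity, it is an assertion.
struct Request {
    Code code;
    uint32_t claimedTokenId;
};

// Grants as the access-token service would answer them. Constructed for this
// example; a real service asks AccessTokenKit::VerifyAccessToken() instead.
class TokenDb {
public:
    void Grant(uint32_t tokenId, const std::string& permission) {
        grants_[tokenId].insert(permission);
    }
    bool Verify(uint32_t tokenId, const std::string& permission) const {
        auto it = grants_.find(tokenId);
        return it != grants_.end() && it->second.count(permission) > 0;
    }
private:
    std::map<uint32_t, std::set<std::string>> grants_;
};

// Vulnerable shape: only one code is guarded at all, and that guard trusts the
// identity the client put into the request.
Result VulnerableOnRemoteRequest(const TokenDb& db, const Request& req) {
    if (req.code == Code::OpenCamera &&
        !db.Verify(req.claimedTokenId, "ohos.permission.CAMERA")) {
        return Result::Denied;
    }
    return Result::Ok;  // window codes are served to any caller
}

// Hardened shape: every code names the permission it needs, unknown codes are
// refused, and the identity checked is the one the IPC transport established
// for this call (IPCSkeleton::GetCallingTokenID() in OpenHarmony), never a
// value read out of the payload.
const std::map<Code, std::string>& RequiredPermission() {
    static const std::map<Code, std::string> table = {
        {Code::GetWindowInfo,   "example.permission.GET_WINDOW_INFO"},
        {Code::SetWindowLayout, "example.permission.SET_WINDOW_LAYOUT"},
        {Code::OpenCamera,      "ohos.permission.CAMERA"},
    };
    return table;
}

Result HardenedOnRemoteRequest(const TokenDb& db, uint32_t callingTokenId, const Request& req) {
    const auto& table = RequiredPermission();
    auto it = table.find(req.code);
    if (it == table.end()) return Result::UnknownCode;
    if (!db.Verify(callingTokenId, it->second)) return Result::Denied;
    return Result::Ok;
}

// Constructed token table: 1001 is an ordinary app with no grants, 2002 a
// system process holding all three permissions.
TokenDb MakeDb() {
    TokenDb db;
    for (const auto& entry : RequiredPermission()) db.Grant(2002, entry.second);
    return db;
}

int main() {
    TokenDb db = MakeDb();
    // App 1001 asks for the camera while claiming to be 2002.
    Request spoof{Code::OpenCamera, 2002};
    std::printf("vulnerable: %s\n", VulnerableOnRemoteRequest(db, spoof) == Result::Ok ? "served" : "denied");
    std::printf("hardened:   %s\n", HardenedOnRemoteRequest(db, 1001, spoof) == Result::Ok ? "served" : "denied");
    return 0;
}
```

The per-code table is the part worth copying: it makes "which permission does this request need" a reviewable list rather than something scattered through the handlers, and it turns a forgotten check into a refused request instead of a served one.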
The following table lists the third-party library vulnerabilities with only the CVE, severity and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-34918 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-33981 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-33743 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33742 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33741 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-33740 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-32981 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32296 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32250 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-29582 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-27666 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2022-26365 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-2380 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-2318 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-2153 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-21499 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-21166 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-21125 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-21123 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-20154 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-20153 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-20141 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-20132 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-20009 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2022-1998 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1975 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1972 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1852 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1836 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1789 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1652 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2022-1508 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1205 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1204 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1198 | Medium | OpenHarmony-v3.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.1.x, 3.0.x |
| CVE-2022-0644 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-45868 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x |
| CVE-2021-4135 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2021-33061 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2021-28713 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-28712 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-28711 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.0.x |
| CVE-2021-26401 | Medium | OpenHarmony-v3.1-Release | 3.1.x |
| CVE-2022-37434 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v1.1.1-LTS through OpenHarmony-v1.1.5-LTS | 3.1.x, 3.0.x, 1.1.x |
| CVE-2022-1587 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-1586 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2097 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2068 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30789 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30788 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30787 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30786 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30785 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30784 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-30783 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2021-46790 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32215 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32213 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-32212 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2097 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2021-46822 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.1.x |
| CVE-2022-2122 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1925 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1924 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1923 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1922 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1921 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-1920 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-34835 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-30767 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-30552 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32208 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32207 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32206 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
| CVE-2022-32205 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x, 3.0.x |
Security Vulnerabilities in August 2022
Published on 2022.8.2
| Bulletin ID | Related CVE | Description | Impact | Affected versions | Affected repository | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0801 | NA | DecodeUCS2Data in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | An attacker on the network can trigger an invalid memory access and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>; 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0802 | NA | DecodeGSMData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | An attacker on the network can trigger an invalid memory access and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>; 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0803 | NA | DecodeAddress in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | An attacker on the network can trigger an invalid memory access and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>; 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0804 | NA | Decode8bitData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | An attacker on the network can trigger an invalid memory access and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>; 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0806 | NA | The SendMessage interface of the distributed soft bus component in the communication subsystem has a vulnerability that lets permission control be bypassed. | A local attacker can bypass the permission control mechanism and go on to write arbitrary data to devices on the local network. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | communication_dsoftbus | 3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/1668> | Reported by OpenHarmony Team |
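The four telephony entries above (DecodeUCS2Data, DecodeGSMData, DecodeAddress, Decode8bitData) name one failure mode: a length field inside the PDU (the user-data length or the address length) is trusted, and the decoder reads that many units whatever the PDU actually carries, which on a short PDU is a read past the buffer. The C++ below is an added example, not code from the bulletin or from telephony_sms_mms: decoders for the three field encodings the entries name, each of which computes how many bytes the claimed length implies and refuses before touching any data if the buffer is shorter. The 8-bit case is the UCS-2 branch without the parity test and is not repeated. The PDU fragments are constructed for the example; 7-bit septet values are returned as-is rather than mapped through the GSM default alphabet, since the alphabet table is not the point.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Each decoder receives the bytes that remain in the PDU after the length
// field, plus the count the PDU claims, and refuses when the cla‌im does not fit.
// The crash class in the bulletin is a decoder that skips that comparison.

// GSM 7-bit default alphabet, packed LSB-first: `septets` characters occupy
// ceil(septets * 7 / 8) bytes. Septet values are returned unmapped (0..127).
bool DecodeGsm7(const std::vector<uint8_t>& data, std::size_t septets, std::string& out) {
    const std::size_t needed = (septets * 7 + 7) / 8;
    if (needed > data.size()) return false;        // UDL claims more than we have
    out.clear();
    for (std::size_t i = 0; i < septets; ++i) {
        const std::size_t bit = i * 7;
        const std::size_t byte = bit / 8;
        const unsigned shift = static_cast<unsigned>(bit % 8);
        unsigned v = data[byte] >> shift;
        // A septet starting past bit 1 spills into the next byte; byte + 1 < needed holds here.
        if (shift > 1) v |= static_cast<unsigned>(data[byte + 1]) << (8 - shift);
        out.push_back(static_cast<char>(v & 0x7F));
    }
    return true;
}

// UCS-2: UDL is a byte count, must be even, and each character is big-endian.
bool DecodeUcs2(const std::vector<uint8_t>& data, std::size_t udl, std::u16string& out) {
    if (udl > data.size() || udl % 2 != 0) return false;
    out.clear();
    for (std::size_t i = 0; i < udl; i += 2) {
        out.push_back(static_cast<char16_t>((data[i] << 8) | data[i + 1]));
    }
    return true;
}

// TP-Address digits: `digits` BCD semi-octets, low nibble first; an odd count is
// padded with 0xF in the high nibble of the last byte. Only 0..9 are accepted.
bool DecodeAddressDigits(const std::vector<uint8_t>& data, std::size_t digits, std::string& out) {
    const std::size_t needed = (digits + 1) / 2;
    if (needed > data.size()) return false;
    out.clear();
    for (std::size_t i = 0; i < digits; ++i) {
        const unsigned nibble = (i % 2 == 0) ? (data[i / 2] & 0x0F) : (data[i / 2] >> 4);
        if (nibble > 9) return false;
        out.push_back(static_cast<char>('0' + nibble));
    }
    return true;
}

int main() {
    // Constructed PDU fragment (not from the bulletin): "hello" packed as GSM
    // 7-bit, first with its true UDL of 5 septets, then with a forged UDL of 200.
    const std::vector<uint8_t> hello = {0xE8, 0x32, 0x9B, 0xFD, 0x06};
    std::string text;
    std::printf("udl=5:   %s\n", DecodeGsm7(hello, 5, text) ? text.c_str() : "rejected");
    std::printf("udl=200: %s\n", DecodeGsm7(hello, 200, text) ? text.c_str() : "rejected");
    return 0;
}
```

The check is the same in every decoder: derive the number of bytes the claimed count needs from the encoding's own packing rule, compare against what is actually present, and only then loop. Doing the arithmetic in bytes rather than in characters is what makes the 7-bit case safe, since there the unit being counted and the unit being read differ.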
The following are third-party library vulnerabilities; only the CVE, severity and affected OpenHarmony versions are given. For details, see the third-party advisories.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-1729 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/255>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/299> |
| CVE-2022-29581 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/255>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/299> |
| CVE-2022-20008 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214> |
| CVE-2022-1195 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214> |
| CVE-2022-1516 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214> |
| CVE-2022-30594 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214> |
| CVE-2022-1012 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/237>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/224> |
| CVE-2022-29824 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/23>; 3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/21> |
| CVE-2022-1475 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | 3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/41>; 3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/36> |
| CVE-2022-27406 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/17>; 3.1.x: not fixed |
| CVE-2022-27404 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/17>; 3.1.x: not fixed |
| CVE-2022-1974 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/302> |
| CVE-2022-1734 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214> |
| CVE-2022-1199 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/333> |
| CVE-2022-1966 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/258>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/332> |
| CVE-2022-1786 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/258>; 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/332> |
| CVE-2022-1280 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/233> |
| CVE-2022-45868 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/233> |
Security Vulnerabilities in August 2022
Published August 2, 2022
| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | Affected versions | Affected projects | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0801 | NA | DecodeUCS2Data in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | Network attackers can trigger an invalid memory access and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>; 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0802 | NA | DecodeGSMData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | Network attackers can trigger an invalid memory access and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>; 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0803 | NA | DecodeAddress in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | Network attackers can trigger an invalid memory access and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>; 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0804 | NA | Decode8bitData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability. | Network attackers can trigger an invalid memory access and crash the process. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release | telephony_sms_mms | 3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>; 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0806 | NA | SendMessage in dsoftbus in the communication subsystem has a permission bypass vulnerability. | Local attackers can bypass the permission check and write arbitrary data to devices on the network. | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | communication_dsoftbus | 3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/1668> | Reported by OpenHarmony Team |
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-1729
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/255>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/299>
CVE-2022-29581
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/255>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/299>
CVE-2022-20008
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1195
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1516
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-30594
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1012
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/237>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/224>
CVE-2022-29824
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/23>
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/21>
CVE-2022-1475
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/41>
3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/36>
CVE-2022-27406
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/17>
3.1.x: not fixed
CVE-2022-27404
Critical
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/17>
3.1.x: not fixed
CVE-2022-1974
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/302>
CVE-2022-1734
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1199
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/333>
CVE-2022-1966
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/258>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/332>
CVE-2022-1786
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/258>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/332>
CVE-2022-1280
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/233>
CVE-2022-45868
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/233>
Security Vulnerabilities in July 2022
published July 5, 2022
Vulnerability ID
Related Vulnerability
Vulnerability Description
Vulnerability Impact
Affected Versions
Affected Projects
Fix Link
Reference
OpenHarmony-SA-2022-0701
NA
The Bluetooth component in the communication subsystem has a DoS vulnerability.
Local attackers can trigger a large loop and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
communication_bluetooth
3.0.x<https://gitee.com/openharmony/communication_bluetooth/pulls/179>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0702
NA
The updater in the update subsystem has a null pointer dereference vulnerability.
Local attackers can pass a null pointer and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
update_updater
3.0.x<https://gitee.com/openharmony/update_updater/pulls/101>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0703
NA
The dsoftbus component in the communication subsystem has an authentication bypass vulnerability that allows an "SA relay attack".
Local attackers can bypass authentication and get system control.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
communication_dsoftbus
3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/142>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.
CVE
Severity
Affected OpenHarmony Versions
Fix Link
CVE-2022-1292
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/48>
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/49>
CVE-2022-27781
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/63>
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/61>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/60>
CVE-2022-27782
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/63>
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/61>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/60>
CVE-2022-0168
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/218>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0330
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/218>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0001
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/202>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0002
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/202>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-23960
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/201>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0322
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/201>
CVE-2021-32078
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2021-38205
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2021-38166
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2021-42739
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2022-0854
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/194>
CVE-2022-23037
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23039
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23040
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23038
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23041
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23042
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23036
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-0998
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2021-4203
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-39633
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-46283
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-4149
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-4204
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/163>
CVE-2021-3640
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-3669
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-3759
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-3752
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2020-27820
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-43976
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-43975
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4001
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4002
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4037
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2020-12363
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2020-12364
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-39685
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4083
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-45095
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-44733
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-45469
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4197
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-45480
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4155
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4202
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
Security Vulnerabilities in June 2022
published June 6, 2022
Vulnerability ID
Related Vulnerability
Vulnerability Description
Vulnerability Impact
Affected Versions
Affected Projects
Fix Link
Reference
OpenHarmony-SA-2022-0601
NA
The notification subsystem in OpenHarmony has an authentication bypass vulnerability when deserializing an object.
Local attackers can bypass authentication and crash the server process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
notification_ces_standard
Link<https://gitee.com/openharmony/notification_common_event_service/pulls/269>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0602
NA
The notification subsystem in OpenHarmony has an authentication bypass vulnerability that allows an "SA relay attack".
Local attackers can bypass authentication and get system control.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
notification_ces_standard
Link<https://gitee.com/openharmony/notification_common_event_service/pulls/245>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0603
NA
The updateservice component in OpenHarmony has an authentication bypass vulnerability that allows an "SA relay attack".
Local attackers can bypass authentication and get system control.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
update_updateservice
Link<https://gitee.com/openharmony/update_updateservice/pulls/115>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0604
NA
The multimedia subsystem in OpenHarmony has an authentication bypass vulnerability that allows an "SA relay attack".
Local attackers can bypass authentication and get system control.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
multimedia_media_standard
Link<https://gitee.com/openharmony/multimedia_media_standard/pulls/567>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.
CVE
Severity
Affected OpenHarmony Versions
Fix Link
CVE-2022-25313
Medium
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25314
High
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25315
Medium
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25235
High
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25236 | Critical | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-23308 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | Link<https://gitee.com/openharmony/third_party_libxml2/pulls/11>
CVE-2022-25375 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-25258 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-0435 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-24959 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2021-44879 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-24958 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2021-45402 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2021-4160 | Medium | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | Link<https://gitee.com/openharmony/third_party_openssl/pulls/29>
CVE-2022-0778 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/third_party_openssl/pulls/34>
CVE-2022-0886 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/143>
CVE-2022-1055 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-0995 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2021-39698 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-0494 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-1048 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-1016 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2021-39686 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-0500 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/163>
CVE-2022-28390 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28389 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28388 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28893 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-1353 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-29156 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28356 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2019-16089 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4156 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/third_party_libsnd/pulls/10>
CVE-2022-22576 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2022-27775 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2022-27776 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2022-27774 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release | Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2021-3520 | Critical | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | Link<https://gitee.com/openharmony/third_party_lz4/pulls/2>
CVE-2021-44732 | Critical | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | Link<https://gitee.com/openharmony/third_party_mbedtls/pulls/31>
CVE-2021-36690 | High | OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS | Link<https://gitee.com/openharmony/third_party_sqlite/pulls/4>
CVE-2021-3732 | Low | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-22570 | High | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | Link<https://gitee.com/openharmony/third_party_protobuf/pulls/26>
CVE-2021-22569 | Medium | OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS | Link<https://gitee.com/openharmony/third_party_protobuf/pulls/27>