Security-bulletin

security@openharmony.io

1 participants
25 discussions

Start a nNew thread

撤回: OpenHarmony2023年06月安全公告 Security Vulnerabilities in June 2023

by Zhangadong (zhangadong, OS)

Zhangadong (zhangadong, OS) 将撤回邮件“OpenHarmony2023年06月安全公告 Security Vulnerabilities in June 2023”。

11 months, 1 week

OpenHarmony 2023年05月安全公告 Security Vulnerabilities in May 2023

by Liuxu (louis)

2023年05月安全漏洞发布于2023.05.09 最后更新于2023.05.09 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度 CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2021-36647 中 4.7 third_party_mbedtls device_hisilicon_hispark_taurus OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.0.x<https://gitee.com/openharmony/third_party_mbedtls/pulls/86> 3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/129> CVE-2023-1382 中 5.5 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/804> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/805> CVE-2023-0386 中 5.3 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1281 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-28772 高 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1637 低 3.3 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2021-3923 低 3.3 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1380 高 7.1 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1582 中 4.7 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/765> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/766> CVE-2022-48434 高 8.1 third_party_ffmpeg OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.2.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/81> 3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/82> 3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/83> CVE-2023-1838 中 5.3 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/773> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/774> CVE-2023-1838 中 5.3 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> CVE-2023-1855 中 6.3 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-30456 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2022-45934 高 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/129> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/130> CVE-2022-2978 高 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/121> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/122> CVE-2022-29581 高 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> CVE-2023-1989 高 7.0 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1829 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1990 中 4.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1859 中 6.4 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-2004 中 5.3 third_party_freetype OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.2.x<https://gitee.com/openharmony/third_party_freetype/pulls/51> 3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/52> 3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/53> CVE-2023-2006 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/811> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/812> CVE-2023-2008 高 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/787> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/788> Security Vulnerabilities in May 2023 published May 9,2023 updated May 9,2023 The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity CVSS3.1 affected repository affected OpenHarmony versions fix link CVE-2021-36647 Medium 4.7 third_party_mbedtls device_hisilicon_hispark_taurus OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.0.x<https://gitee.com/openharmony/third_party_mbedtls/pulls/86> 3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/129> CVE-2023-1382 Medium 5.5 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/804> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/805> CVE-2023-0386 Medium 5.3 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1281 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-28772 High 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1637 Low 3.3 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2021-3923 Low 3.3 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120> CVE-2023-1380 High 7.1 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1582 Medium 4.7 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/765> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/766> CVE-2022-48434 High 8.1 third_party_ffmpeg OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.2.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/81> 3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/82> 3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/83> CVE-2023-1838 Medium 5.3 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/773> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/774> CVE-2023-1838 Medium 5.3 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> CVE-2023-1855 Medium 6.3 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-30456 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2022-45934 High 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/129> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/130> CVE-2022-2978 High 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/121> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/122> CVE-2022-29581 High 7.8 kernel_linux_4.19 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125> CVE-2023-1989 High 7.0 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1829 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1990 Medium 4.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-1859 Medium 6.4 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803> CVE-2023-2004 Medium 5.3 third_party_freetype OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.2.x<https://gitee.com/openharmony/third_party_freetype/pulls/51> 3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/52> 3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/53> CVE-2023-2006 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/811> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/812> CVE-2023-2008 High 7.8 kernel_linux_5.10 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/787> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/788>

1 year

OpenHarmony 2023年04月安全公告 Security Vulnerabilities in April 2023

by Liuxu (louis)

2023年04月安全漏洞发布于2023.04.04 最后更新于2023.04.04 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度 CVSS3.1 受影响的OpenHarmony版本修复链接 CVE-2023-0597 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/705> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/706> CVE-2022-30787 中 6.7 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1 3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/18> CVE-2015-20107 高 7.6 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/45> CVE-2022-33068 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.1.1-LTS到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/47> 3.0.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/48> 1.1.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/49> CVE-2022-4904 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_cares/pulls/12> 3.0.x<https://gitee.com/openharmony/third_party_cares/pulls/11> CVE-2022-3594 中 5.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/100> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/101> CVE-2023-22995 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-22999 中 5.0 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/733> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/734> CVE-2023-26545 中 6.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2022-47929 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104> CVE-2022-2873 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104> CVE-2023-23559 高 7.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104> CVE-2023-1118 中 5.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-1118 中 5.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2022-1652 高 7.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2021-3760 高 7.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2021-37576 高 7.8 OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/106> CVE-2023-0461 高 7.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-0461 高 7.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2023-23455 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104> CVE-2023-26545 高 7.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2022-0480 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2023-1076 中 4.7 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-1073 中 6.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/736> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/738> CVE-2023-1074 中 4.7 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/736> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/738> CVE-2023-1078 高 7.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-1095 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/708> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/709> CVE-2023-23000 中 5.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-23002 中 5.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/711> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/712> CVE-2023-23004 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-23006 高 8.4 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/713> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/714> CVE-2023-26607 中 5.2 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/745> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/746> CVE-2023-0030 高 7.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/111> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/112> CVE-2023-23000 中 5.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/117> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/118> CVE-2023-1252 高 7.0 OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/723> CVE-2023-1390 高 7.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115> CVE-2023-1078 中 5.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115> CVE-2023-1074 中 4.7 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115> CVE-2023-28328 中 5.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/745> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/746> CVE-2023-0464 中 5.0 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/95> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/96> CVE-2023-1637 低 3.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/758> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/759> CVE-2023-0465 中 5.6 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/99> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/100> CVE-2023-0466 中 5.6 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/99> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/100> Security Vulnerabilities in April 2023 published April 4,2023 updated April 4,2023 The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity CVSS3.1 affected OpenHarmony versions fix link CVE-2023-0597 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/705> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/706> CVE-2022-30787 Medium 6.7 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1 3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/18> CVE-2015-20107 High 7.6 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/45> CVE-2022-33068 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.1.1-LTS through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/47> 3.0.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/48> 1.1.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/49> CVE-2022-4904 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_cares/pulls/12> 3.0.x<https://gitee.com/openharmony/third_party_cares/pulls/11> CVE-2022-3594 Medium 5.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/100> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/101> CVE-2023-22995 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-22999 Medium 5.0 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/733> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/734> CVE-2023-26545 Medium 6.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2022-47929 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104> CVE-2022-2873 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104> CVE-2023-23559 High 7.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104> CVE-2023-1118 Medium 5.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-1118 Medium 5.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2022-1652 High 7.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2021-3760 High 7.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2021-37576 High 7.8 OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/106> CVE-2023-0461 High 7.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-0461 High 7.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2023-23455 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104> CVE-2023-26545 High 7.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2022-0480 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108> CVE-2023-1076 Medium 4.7 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-1073 Medium 6.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/736> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/738> CVE-2023-1074 Medium 4.7 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/736> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/738> CVE-2023-1078 High 7.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-1095 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/708> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/709> CVE-2023-23000 Medium 5.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-23002 Medium 5.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/711> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/712> CVE-2023-23004 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726> CVE-2023-23006 High 8.4 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/713> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/714> CVE-2023-26607 Medium 5.2 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/745> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/746> CVE-2023-0030 High 7.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/111> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/112> CVE-2023-23000 Medium 5.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/117> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/118> CVE-2023-1252 High 7.0 OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/723> CVE-2023-1390 High 7.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115> CVE-2023-1078 Medium 5.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115> CVE-2023-1074 Medium 4.7 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115> CVE-2023-28328 Medium 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/745> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/746> CVE-2023-0464 Medium 5.0 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/95> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/96> CVE-2023-1637 Low 3.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/758> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/759> CVE-2023-0465 Medium 5.6 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/99> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/100> CVE-2023-0466 Medium 5.6 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/99> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/100>

1 year, 1 month

OpenHarmony 2023年03月安全公告 Security Vulnerabilities in March 2023

by Liuxu (louis)

2023年03月安全漏洞发布于2023.03.07 最后更新于2023.03.07 漏洞编号相关漏洞漏洞描述漏洞影响 CVSS3.1基础得分受影响的版本受影响的仓库修复链接参考链接 OpenHarmony-SA-2023-0301 CVE-2023-24465 WLAN组件子系统通信设备服务的一个接口，在接受外部数据时存在空指针引用。本地攻击者利用此漏洞，可导致当前应用crash。 5.5 OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS 到 OpenHarmony-v3.0.7-LTS communication_wifi 3.1.x<https://gitee.com/openharmony/communication_wifi/pulls/788> 3.0.x<https://gitee.com/openharmony/communication_wifi/pulls/862> 本项目组上报 OpenHarmony-SA-2023-0302 CVE-2023-25947 包管理模块存在安装hap包时没有做有效性判断的漏洞。本地攻击者利用此漏洞构造非法数据，在安装hap包时可以导致系统无响应。 6.2 OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.4-Release bundlemanager_bundle_framework 3.1.x<https://gitee.com/openharmony/bundlemanager_bundle_framework/pulls/3094> 本项目组上报以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度受影响的OpenHarmony版本修复链接 CVE-2022-47946 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-2196 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/665> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/666> CVE-2023-0047 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/631> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/632> CVE-2023-23559 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662> CVE-2022-3640 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/659> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/660> CVE-2022-47929 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678> CVE-2023-0179 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662> CVE-2023-0394 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678> CVE-2023-23454 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662> CVE-2023-23455 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662> CVE-2023-0590 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/687> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/688> CVE-2023-0615 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697> CVE-2023-0045 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697> CVE-2023-20938 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697> CVE-2022-3176 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561> CVE-2023-0045 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/96> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/97> CVE-2022-3028 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/98> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/99> CVE-2020-36516 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/682> CVE-2022-3341 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/74> 3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/73> 1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/19> CVE-2022-4450 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/80> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/81> 1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/82> CVE-2023-0286 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85> 1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86> CVE-2023-0215 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85> 1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86> CVE-2022-4304 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/87> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/88> 1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/89> CVE-2021-41751 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/101> 3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/102> CVE-2021-43453 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/103> 3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/104> CVE-2022-1304 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51> 3.0.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/52> CVE-2023-23914 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112> CVE-2023-23915 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112> CVE-2023-23916 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112> CVE-2020-35538 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/250> 3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/251> CVE-2022-37434 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/247> 3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/248> Security Vulnerabilities in Feburary 2023 published March 7,2023 updated March 7,2023 Vulnerability ID related Vulnerability Vulnerability Description Vulnerability Impact CVSS3.1 Base Score affected versions affected projects fix link reference OpenHarmony-SA-2023-0301 CVE-2023-24465 Communication Wi-Fi subsystem has a null pointer reference vulnerability when receiving external data. Local attackers can exploit this vulnerability to cause the current application to crash. 5.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS communication_wifi 3.1.x<https://gitee.com/openharmony/communication_wifi/pulls/788> 3.0.x<https://gitee.com/openharmony/communication_wifi/pulls/862> Reported by OpenHarmony Team OpenHarmony-SA-2023-0302 CVE-2023-25947 The bundle management subsystem has a improper input validation when installing a HAP package. Local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package. 6.2 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release bundlemanager_bundle_framework 3.1.x<https://gitee.com/openharmony/bundlemanager_bundle_framework/pulls/3094> Reported by OpenHarmony Team The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity affected OpenHarmony versions fix link CVE-2022-47946 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-2196 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/665> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/666> CVE-2023-0047 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/631> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/632> CVE-2023-23559 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662> CVE-2022-3640 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/659> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/660> CVE-2022-47929 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678> CVE-2023-0179 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662> CVE-2023-0394 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678> CVE-2023-23454 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662> CVE-2023-23455 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662> CVE-2023-0590 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/687> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/688> CVE-2023-0615 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697> CVE-2023-0045 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697> CVE-2023-20938 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697> CVE-2022-3176 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561> CVE-2023-0045 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/96> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/97> CVE-2022-3028 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/98> 3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/99> CVE-2020-36516 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/682> CVE-2022-3341 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/74> 3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/73> 1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/19> CVE-2022-4450 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/80> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/81> 1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/82> CVE-2023-0286 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85> 1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86> CVE-2023-0215 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85> 1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86> CVE-2022-4304 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/87> 3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/88> 1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/89> CVE-2021-41751 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/101> 3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/102> CVE-2021-43453 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/103> 3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/104> CVE-2022-1304 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51> 3.0.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/52> CVE-2023-23914 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112> CVE-2023-23915 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112> CVE-2023-23916 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112> CVE-2020-35538 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/250> 3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/251> CVE-2022-37434 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS 3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/247> 3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/248>

1 year, 2 months

OpenHarmony 2023年02月安全公告 Security Vulnerabilities in Feburary 2023

by Liuxu (louis)

2023年02月安全漏洞发布于2022.02.07 最后更新于2022.02.07 漏洞编号相关漏洞漏洞描述漏洞影响 CVSS3.1基础得分受影响的版本受影响的仓库修复链接参考链接 OpenHarmony-SA-2023-0201 CVE-2023-0083 ArkUI框架子系统未对入参进行类型检查导致类型混淆，造成访问非法内存。攻击者可在本地内发起攻击，造成当前应用崩溃。 4.0 OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS 到 OpenHarmony-v3.0.7-LTS arkui_ace_engine 3.1.x<https://gitee.com/openharmony/arkui_ace_engine/pulls/8872> 3.0.x<https://gitee.com/openharmony/arkui_ace_engine/pulls/8877> 研究员上报 OpenHarmony-SA-2023-0202 CVE-2023-22301 内核子系统中hmdfs存在内核任意内存越界读漏洞。攻击者可发起远程攻击，可获取目标系统的内核内存数据。 6.5 OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.5-Release kernel_linux_5.10 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/656> 研究员上报 OpenHarmony-SA-2023-0203 CVE-2023-22436 内核子系统中check_permission_for_set_tokenid函数中存在UAF漏洞。本地攻击者利用该漏洞攻击可以权限提升，获得root权限。 7.8 OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.5-Release kernel_linux_5.10 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/598> 研究员上报以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度受影响的OpenHarmony版本修复链接 CVE-2022-2347 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/62> 3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/63> CVE-2022-4135 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-4186 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-4438 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-4437 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-4436 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-41218 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-3424 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-4129 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-42328 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-3643 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-3105 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3104 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3115 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3113 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3112 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3111 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/584> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/585> CVE-2022-3108 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-3107 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/590> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/591> CVE-2022-3106 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/592> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/593> CVE-2022-47519 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-43551 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS OpenHarmony-v1.1.0-Release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/99> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/100> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/101> CVE-2022-43552 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS OpenHarmony-v1.1.0-Release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/99> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/100> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/101> CVE-2022-47518 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-47520 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-47521 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-3109 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS OpenHarmony-v1.1.0-Release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/71> 3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/72> 1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/18> CVE-2022-4662 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/608> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/609> CVE-2022-3890 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-20568 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/629> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/630> Security Vulnerabilities in Feburary 2023 published Feburary 7,2023 updated Feburary 7,2023 Vulnerability ID related Vulnerability Vulnerability Description Vulnerability Impact CVSS3.1 Base Score affected versions affected projects fix link reference OpenHarmony-SA-2023-0201 CVE-2023-0083 The ArkUI framework subsystem doesn't check the input parameter,causing type confusion and invalid memory access. Local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. 4.0 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS arkui_ace_engine 3.1.x<https://gitee.com/openharmony/arkui_ace_engine/pulls/8872> 3.0.x<https://gitee.com/openharmony/arkui_ace_engine/pulls/8877> Reported by researchers OpenHarmony-SA-2023-0202 CVE-2023-22301 The kernel subsystem hmdfs has a arbitrary memory accessing vulnerability. Network attackers can launch a remote attack to obtain kernel memory data of the target system. 6.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release kernel_linux_5.10 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/656> Reported by researchers OpenHarmony-SA-2023-0203 CVE-2023-22436 The kernel subsystem function check_permission_for_set_tokenid has an UAF vulnerability. Local attackers can exploit this vulnerability to escalate the privilege to root. 7.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release kernel_linux_5.10 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/598> Reported by researchers The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity affected OpenHarmony versions fix link CVE-2022-2347 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/62> 3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/63> CVE-2022-4135 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-4186 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-4438 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-4437 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-4436 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-41218 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-3424 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-4129 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-42328 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-3643 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647> CVE-2022-3105 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3104 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3115 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3113 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3112 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580> CVE-2022-3111 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/584> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/585> CVE-2022-3108 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-3107 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/590> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/591> CVE-2022-3106 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/592> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/593> CVE-2022-47519 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-43551 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/99> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/100> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/101> CVE-2022-43552 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/99> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/100> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/101> CVE-2022-47518 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-47520 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-47521 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-3109 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/71> 3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/72> 1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/18> CVE-2022-4662 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/608> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/609> CVE-2022-3890 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/546> CVE-2022-20568 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/629> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/630>

1 year, 3 months

OpenHarmony 2023年01月安全公告 Security Vulnerabilities in January 2023

by Liuxu (louis)

2023年01月安全漏洞发布于2022.01.03 最后更新于2022.01.03 漏洞编号相关漏洞漏洞描述漏洞影响 CVSS3.1基础得分受影响的版本受影响的仓库修复链接参考链接 OpenHarmony-SA-2023-0101 CVE-2023-0035 通信子系统软总线部件softbus_client_stub存在校验绕过漏洞，可发起SA中继攻击。攻击者可在本地内发起攻击，造成校验绕过，可进一步提权攻击其他SA。 6.5 OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS communication_dsoftbus 3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2140> 本项目组上报 OpenHarmony-SA-2023-0102 CVE-2023-0036 杂散子系统输入法部件platform_callback_stub存在校验绕过漏洞，可发起SA中继攻击。攻击者可在本地内发起攻击，造成校验绕过，可进一步提权攻击其他SA。 6.5 OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS inputmethod_imf 3.0.x<https://gitee.com/openharmony/inputmethod_imf/pulls/228> 本项目组上报以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度受影响的OpenHarmony版本修复链接 CVE-2021-3782 严重 OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.0.x<https://gitee.com/openharmony/third_party_wayland_standard/pulls/22> CVE-2022-3046 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3041 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3040 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3039 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3038 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3057 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3195 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3054 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3075 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3373 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3370 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3311 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3316 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3315 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3304 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-43680 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/23> 3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/22> CVE-2022-32221 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90> CVE-2022-42916 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90> CVE-2022-42915 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90> CVE-2022-44638 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_pixman/pulls/11> 3.0.x<https://gitee.com/openharmony/third_party_pixman/pulls/12> CVE-2022-40284 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/33> CVE-2022-40303 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31> 3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32> CVE-2022-40304 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31> 3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32> CVE-2022-37454 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/35> CVE-2022-42919 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/36> CVE-2022-45061 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/37> CVE-2020-10735 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/26> CVE-2022-3169 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561> CVE-2022-42895 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545> CVE-2022-42896 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545> CVE-2022-41858 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/569> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/570> CVE-2022-45934 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-4139 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/567> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/568> CVE-2022-20566 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/582> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/583> CVE-2022-4378 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> Security Vulnerabilities in January 2023 published January 3,2023 updated January 3,2023 Vulnerability ID related Vulnerability Vulnerability Description Vulnerability Impact CVSS3.1 Base Score affected versions affected projects fix link reference OpenHarmony-SA-2023-0101 CVE-2023-0035 softbus_client_stub in communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege. 6.5 OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS communication_dsoftbus 3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2140> Reported by OpenHarmony Team OpenHarmony-SA-2023-0102 CVE-2023-0036 platform_callback_stub in misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege. 6.5 OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS inputmethod_imf 3.0.x<https://gitee.com/openharmony/inputmethod_imf/pulls/228> Reported by OpenHarmony Team The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity affected OpenHarmony versions fix link CVE-2021-3782 Critical OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.0.x<https://gitee.com/openharmony/third_party_wayland_standard/pulls/22> CVE-2022-3046 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3041 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3040 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3039 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3038 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3057 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3195 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3054 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3075 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> CVE-2022-3373 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3370 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3311 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3316 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3315 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-3304 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/464> CVE-2022-43680 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/23> 3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/22> CVE-2022-32221 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90> CVE-2022-42916 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90> CVE-2022-42915 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90> CVE-2022-44638 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_pixman/pulls/11> 3.0.x<https://gitee.com/openharmony/third_party_pixman/pulls/12> CVE-2022-40284 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/33> CVE-2022-40303 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31> 3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32> CVE-2022-40304 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31> 3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32> CVE-2022-37454 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/35> CVE-2022-42919 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/36> CVE-2022-45061 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/37> CVE-2020-10735 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/26> CVE-2022-3169 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561> CVE-2022-42895 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545> CVE-2022-42896 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545> CVE-2022-41858 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/569> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/570> CVE-2022-45934 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587> CVE-2022-4139 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/567> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/568> CVE-2022-20566 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/582> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/583> CVE-2022-4378 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>

1 year, 4 months

OpenHarmony 2022年12月安全公告 Security Vulnerabilities in December 2022

by Liuxu (louis)

2022年12月安全漏洞发布于2022.12.06 最后更新于2022.12.06 漏洞编号相关漏洞漏洞描述漏洞影响 CVSS3.1基础得分受影响的版本受影响的仓库修复链接参考链接 OpenHarmony-SA-2022-1201 CVE-2022-45877 跨设备认证中pin码会明文传输到对端设备进行校验，会降低中间人攻击的难度。攻击者可在局域网发起攻击，绕过权限管控机制，降低中间人攻击的难度。 8.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release distributedhardware_device_manager applications_hap security_device_auth 3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915> 3.1.x<https://gitee.com/openharmony/applications_hap/pulls/1364> 3.1.x<https://gitee.com/openharmony/security_device_auth/pulls/351> 本项目组上报 OpenHarmony-SA-2022-1202 CVE-2022-41802 内核子系统kernel_liteos_a中系统调用SysClockGetres存在泄漏内核栈的漏洞。攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。 4.0 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> 研究者上报 OpenHarmony-SA-2022-1203 CVE-2022-45126 内核子系统kernel_liteos_a中系统调用SysClockGettime存在泄漏内核栈的漏洞。攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。 4.0 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> 研究者上报 OpenHarmony-SA-2022-1204 CVE-2022-43662 内核子系统kernel_liteos_a中系统调用SysTimerGettime存在泄漏内核栈的漏洞。攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。 4.0 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> 研究者上报 OpenHarmony-SA-2022-1205 CVE-2022-44455 appspawn and nwebspawn服务对输入缺少校验，存在内存溢出漏洞。攻击者可在本地发起攻击，恶意应用可以提升权限或造成应用崩溃。 6.8 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS startup_appspawn 3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361> 3.0.x<https://gitee.com/openharmony/startup_appspawn/pulls/426> 本项目组上报 OpenHarmony-SA-2022-1206 CVE-2022-45118 通信子系统telephony发送公共事件时带有个人数据，但缺少权限设置。攻击者可在本地发起攻击，恶意应用可以无权限监听广播获取手机号、短信数据等信息。 6.2 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release telephony_state_registry telephony_sms_mms 3.1.x<https://gitee.com/openharmony/telephony_state_registry/pulls/224> 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/615> 本项目组上报以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度受影响的OpenHarmony版本修复链接 CVE-2022-20422 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3303 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-42703 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-41222 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3239 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-20423 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-41850 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3586 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3625 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-42432 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3633 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3635 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3629 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3623 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3646 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3621 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3567 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-43750 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3545 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3523 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-2602 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3628 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-40768 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3566 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3577 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3606 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3649 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3564 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-20409 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-41849 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-20421 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3435 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42719 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42720 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42721 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42722 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-41674 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3535 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3521 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3524 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3534 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3542 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> CVE-2022-3565 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3594 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> Security Vulnerabilities in December 2022 published December 6,2022 updated December 6,2022 Vulnerability ID related Vulnerability Vulnerability Description Vulnerability Impact CVSS3.1 Base Score affected versions affected projects fix link reference OpenHarmony-SA-2022-1201 CVE-2022-45877 PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. Network attackers can bypass the authentication, which reduces the difficulty of man-in-the-middle attacks. 8.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release distributedhardware_device_manager applications_hap security_device_auth 3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915> 3.1.x<https://gitee.com/openharmony/applications_hap/pulls/1364> 3.1.x<https://gitee.com/openharmony/security_device_auth/pulls/351> Reported by OpenHarmony Team OpenHarmony-SA-2022-1202 CVE-2022-41802 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. 4.0 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> Reported by Researchers OpenHarmony-SA-2022-1203 CVE-2022-45126 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. 4.0 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> Reported by Researchers OpenHarmony-SA-2022-1204 CVE-2022-43662 Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. 4.0 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS kernel_liteos_a 3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065> 3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066> 1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075> Reported by Researchers OpenHarmony-SA-2022-1205 CVE-2022-44455 The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash. 6.8 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS startup_appspawn 3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361> 3.0.x<https://gitee.com/openharmony/startup_appspawn/pulls/426> Reported by OpenHarmony Team OpenHarmony-SA-2022-1206 CVE-2022-45118 Telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. 6.2 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release telephony_state_registry telephony_sms_mms 3.1.x<https://gitee.com/openharmony/telephony_state_registry/pulls/224> 3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/615> Reported by OpenHarmony Team The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity affected OpenHarmony versions fix link CVE-2022-20422 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3303 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-42703 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-41222 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3239 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-20423 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-41850 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508> CVE-2022-3586 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3625 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-42432 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3633 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3635 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3629 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3623 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3646 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3621 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3567 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-43750 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3545 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3523 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-2602 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-3628 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537> CVE-2022-40768 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3566 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3577 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3606 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3649 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-3564 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-20409 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506> CVE-2022-41849 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-20421 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3435 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42719 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42720 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42721 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-42722 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-41674 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3535 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3521 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3524 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3534 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3542 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> CVE-2022-3565 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503> CVE-2022-3594 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

1 year, 5 months

OpenHarmony 2022年11月安全公告 Security Vulnerabilities in November 2022

by Liuxu (louis)

2022年11月安全漏洞发布于2022.11.1 最后更新于2022.11.11 漏洞编号相关漏洞漏洞描述漏洞影响 CVSS3.1基础得分受影响的版本受影响的仓库修复链接参考链接 OpenHarmony-SA-2022-1101 CVE-2022-43451 启动子系统appspawn和nwebspawn服务存在路径穿越漏洞。攻击者可在本地发起攻击，造成任意路径穿越，可穿越沙箱。如果结合其他漏洞可进一步获取root权限。 8.4 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release startup_appspawn 3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361> 本项目组上报 OpenHarmony-SA-2022-1102 CVE-2022-43449 download_server存在任意文件读取漏洞。攻击者可在本地发起攻击，读取文件系统上任意可被download_server访问的文件。 6.2 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release request_request 3.1.x<https://gitee.com/openharmony/request_request/pulls/207> 本项目组上报 OpenHarmony-SA-2022-1103 CVE-2022-43495 distributedhardware_device_manage在设备组网过程中收到异常报文会导致设备重启。攻击者可在局域网发起攻击，在设备组网过程中，发送恶意报文，可造成空指针解引用，设备重启。 6.5 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release distributedhardware_device_manager 3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/728> 本项目组上报以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度受影响的OpenHarmony版本修复链接 CVE-2022-2295 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-2294 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-26373 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/461> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/495> CVE-2022-23816 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494> CVE-2022-29901 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494> CVE-2022-29900 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494> CVE-2022-2481 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-2480 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-2478 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-2477 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-30790 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-Release到OpenHarmony-v1.1.4-LTS 3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/50> 3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/247> 3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/49> 3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/86/files> 1.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/48> CVE-2022-1462 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/449> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/490> CVE-2022-1184 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/474> 3.0.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/475> CVE-2022-2663 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489> CVE-2022-39190 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489> CVE-2022-39189 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489> CVE-2022-40674 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/20> 3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/19> CVE-2022-3202 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464> CVE-2022-3199 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349> Security Vulnerabilities in November 2022 published November 1,2022 updated November 1,2022 Vulnerability ID related Vulnerability Vulnerability Description Vulnerability Impact CVSS3.1 Base Score affected versions affected projects fix link reference OpenHarmony-SA-2022-1101 CVE-2022-43451 Multiple path traversal in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. 8.4 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release startup_appspawn 3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361> Reported by OpenHarmony Team OpenHarmony-SA-2022-1102 CVE-2022-43449 Arbitrary file read via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000. 6.2 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release request_request 3.1.x<https://gitee.com/openharmony/request_request/pulls/207> Reported by OpenHarmony Team OpenHarmony-SA-2022-1103 CVE-2022-43495 An abnormal packet recieved when distributedhardware_device_manager joining a network could cause a device reboot. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot. 6.5 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release distributedhardware_device_manager 3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/728> Reported by OpenHarmony Team The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity affected OpenHarmony versions fix link CVE-2022-2295 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-2294 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-26373 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/461> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/495> CVE-2022-23816 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494> CVE-2022-29901 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494> CVE-2022-29900 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494> CVE-2022-2481 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-2480 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-2478 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-2477 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31> CVE-2022-30790 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS 3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/50> 3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/247> 3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/49> 3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/86/files> 1.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/48> CVE-2022-1462 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/449> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/490> CVE-2022-1184 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/474> 3.0.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/475> CVE-2022-2663 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489> CVE-2022-39190 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489> CVE-2022-39189 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489> CVE-2022-40674 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/20> 3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/19> CVE-2022-3202 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464> CVE-2022-3199 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>

1 year, 6 months

Security Vulnerabilities in October 2022

by Liuxu (louis)

Security Vulnerabilities in October 2022 published October 11,2022 updated October 11,2022 Vulnerability ID related Vulnerability Vulnerability Description Vulnerability Impact CVSS3.1 Base Score affected versions affected projects fix link reference OpenHarmony-SA-2022-1001 CVE-2022-42488 Startup subsystem missed permission validation in param service. Local attackers can install an malicious application on the device to elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. 8.4 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release startup_init_lite 3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1104> 3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1074> Reported by OpenHarmony Team OpenHarmony-SA-2022-1002 CVE-2022-42464 Kernel memory pool override in /dev/mmz_userdev device driver If the processes with system UID run on the device, local attackers would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. 6.7 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS device_board_hisilicon device_hisilicon_hi3516dv300 3.0.x<https://gitee.com/openharmony/device_board_hisilicon/pulls/135> 3.1.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87> Reported by OpenHarmony Team OpenHarmony-SA-2022-1003 CVE-2022-41686 Out-of-bound memory read and write in /dev/mmz_userdev device driver. If the processes with system user UID run on the device, local attackers would be able to write out-of-bound memory which could lead to unspecified memory corruption. 5.1 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS device_board_hisilicon device_hisilicon_hispark_taurus 3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/287> 3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127> Reported by OpenHarmony Team OpenHarmony-SA-2022-1004 CVE-2022-42463 Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. 8.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release communication_dsoftbus 3.1.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2348> Reported by OpenHarmony Team The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity affected OpenHarmony versions fix link CVE-2022-27405 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/32> 3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/31> 1.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/30> CVE-2022-2959 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> CVE-2022-2991 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> CVE-2022-2938 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/430> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/434> CVE-2022-2586 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/427> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-2588 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-2585 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-2503 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/431> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/435> CVE-2022-20369 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-20368 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-2639 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> CVE-2022-36123 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-36946 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> CVE-2022-36879 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> CVE-2022-2327 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> CVE-2022-21505 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/368> CVE-2021-33655 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> CVE-2021-33656 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/437> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> CVE-2022-2861 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2860 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2613 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2612 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2610 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2607 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2606 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2624 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2623 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2620 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2619 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2617 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2616 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2615 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2614 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-35737 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_sqlite/pulls/38> 3.0.x<https://gitee.com/openharmony/third_party_sqlite/pulls/37> CVE-2022-2415 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35> CVE-2022-1919 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35> CVE-2022-35252 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/83> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/85> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/86> CVE-2022-3028 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> CVE-2022-2977 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> CVE-2022-2964 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> CVE-2022-39188 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> CVE-2022-3078 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> CVE-2022-2905 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> CVE-2022-39842 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> CVE-2022-3061 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/443> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/444> CVE-2021-29921 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/19> CVE-2022-0391 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/23> CVE-2021-3737 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/20> CVE-2021-4189 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/21> CVE-2021-3733 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/22> CVE-2021-28861 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/24> CVE-2022-40307 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>

1 year, 7 months

OpenHarmony 2022年10月安全公告 Security Vulnerabilities in October 2022

by Liuxu (louis)

2022年10月安全漏洞发布于2022.10.11 最后更新于2022.10.11 漏洞编号相关漏洞漏洞描述漏洞影响 CVSS3.1基础得分受影响的版本受影响的仓库修复链接参考链接 OpenHarmony-SA-2022-1001 CVE-2022-42488 启动子系统param服务缺少权限校验。攻击者可在本地发起攻击，获取root权限，关闭安全特性或对任意服务造成DoS攻击。 8.4 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release startup_init_lite 3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1104> 3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1074> 本项目组上报 OpenHarmony-SA-2022-1002 CVE-2022-42464 dev/mmz_userdev驱动存在内核内存非法映射漏洞。攻击者可在本地发起攻击，非法映射内存并进行读写，可提升到root权限或造成设备重启。利用此漏洞需要system UID。 6.7 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS device_board_hisilicon device_hisilicon_hi3516dv300 3.1.x<https://gitee.com/openharmony/device_board_hisilicon/pulls/135> 3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87> 本项目组上报 OpenHarmony-SA-2022-1003 CVE-2022-41686 dev/mmz_userdev驱动存在越界读写漏洞。攻击者可在本地发起攻击，越界读写内存地址，造成内存泄露或崩溃。利用此漏洞需要system UID。 5.1 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS device_board_hisilicon device_hisilicon_hispark_taurus 3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/287> 3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127> 本项目组上报 OpenHarmony-SA-2022-1004 CVE-2022-42463 通信子系统softbus_server服务的一个回调处理函数存在无需认证和加密的漏洞。攻击者可以在分布式网络发起攻击，发送蓝牙rfcomm报文到任意远程设备，执行任意命令。 8.3 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release communication_dsoftbus 3.1.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2348> 本项目组上报以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度受影响的OpenHarmony版本修复链接 CVE-2022-27405 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS OpenHarmony-v1.1.0-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/32> 3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/31> 1.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/30> CVE-2022-2959 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> CVE-2022-2991 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> CVE-2022-2938 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/430> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/434> CVE-2022-2586 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/427> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-2588 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-2585 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-2503 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/431> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/435> CVE-2022-20369 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-20368 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-2639 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> CVE-2022-36123 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> CVE-2022-36946 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> CVE-2022-36879 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> CVE-2022-2327 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> CVE-2022-21505 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/368> CVE-2021-33655 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> CVE-2021-33656 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/437> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> CVE-2022-2861 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2860 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2613 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2612 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2610 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2607 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2606 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2624 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2623 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2620 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2619 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2617 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2616 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2615 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-2614 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/web_webview/pulls/274> CVE-2022-35737 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_sqlite/pulls/38> 3.0.x<https://gitee.com/openharmony/third_party_sqlite/pulls/37> CVE-2022-2415 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35> CVE-2022-1919 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35> CVE-2022-35252 低 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-release到OpenHarmony-v1.1.5-LTS 3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/83> 3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/85> 1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/86> CVE-2022-3028 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> CVE-2022-2977 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> CVE-2022-2964 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> CVE-2022-39188 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> CVE-2022-3078 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> CVE-2022-2905 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> CVE-2022-39842 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> CVE-2022-3061 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/443> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/444> CVE-2021-29921 严重 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/19> CVE-2022-0391 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/23> CVE-2021-3737 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/20> CVE-2021-4189 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/21> CVE-2021-3733 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/22> CVE-2021-28861 高 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release 3.1.x<https://gitee.com/openharmony/third_party_python/pulls/24> CVE-2022-40307 中 OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS 3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463> 3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>

1 year, 7 months

2024

2023

2022