Security-bulletin

Recall: OpenHarmony June 2023 Security Bulletin / Security Vulnerabilities in June 2023
by Zhangadong (zhangadong, OS) 09 Jun '23
Zhangadong (zhangadong, OS) will recall the message "OpenHarmony June 2023 Security Bulletin / Security Vulnerabilities in June 2023".

10 May '23
Security Vulnerabilities in May 2023
Published May 9, 2023
Updated May 9, 2023
The following table lists third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For more details, see the security bulletins released by the third parties.
CVE
Severity
CVSS 3.1
Affected repository
Affected OpenHarmony versions
Fix link
CVE-2021-36647
Medium
4.7
third_party_mbedtls
device_hisilicon_hispark_taurus
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.0.x<https://gitee.com/openharmony/third_party_mbedtls/pulls/86>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/129>
CVE-2023-1382
Medium
5.5
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/804>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/805>
CVE-2023-0386
Medium
5.3
kernel_linux_4.19
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120>
CVE-2023-1281
High
7.8
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803>
CVE-2023-28772
High
7.8
kernel_linux_4.19
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120>
CVE-2023-1637
Low
3.3
kernel_linux_4.19
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120>
CVE-2021-3923
Low
3.3
kernel_linux_4.19
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/119>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/120>
CVE-2023-1380
High
7.1
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803>
CVE-2023-1582
Medium
4.7
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/765>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/766>
CVE-2022-48434
High
8.1
third_party_ffmpeg
OpenHarmony-v3.2-Release
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.2.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/81>
3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/82>
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/83>
CVE-2023-1838
Medium
5.3
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/773>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/774>
CVE-2023-1838
Medium
5.3
kernel_linux_4.19
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125>
CVE-2023-1855
Medium
6.3
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803>
CVE-2023-30456
High
7.8
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803>
CVE-2022-45934
High
7.8
kernel_linux_4.19
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/129>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/130>
CVE-2022-2978
High
7.8
kernel_linux_4.19
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/121>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/122>
CVE-2022-29581
High
7.8
kernel_linux_4.19
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/124>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/125>
CVE-2023-1989
High
7.0
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803>
CVE-2023-1829
High
7.8
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803>
CVE-2023-1990
Medium
4.8
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803>
CVE-2023-1859
Medium
6.4
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/802>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/803>
CVE-2023-2004
Medium
5.3
third_party_freetype
OpenHarmony-v3.2-Release
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.2.x<https://gitee.com/openharmony/third_party_freetype/pulls/51>
3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/52>
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/53>
CVE-2023-2006
High
7.8
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/811>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/812>
CVE-2023-2008
High
7.8
kernel_linux_5.10
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0 through OpenHarmony-v3.0.8
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/787>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/788>

04 Apr '23
Security Vulnerabilities in April 2023
Published April 4, 2023
Last updated April 4, 2023
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party advisories.
CVE
Severity
CVSS 3.1
Affected OpenHarmony versions
Fix link
CVE-2023-0597
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/705>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/706>
CVE-2022-30787
Medium
6.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1
3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/18>
CVE-2015-20107
High
7.6
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/45>
CVE-2022-33068
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.1.1-LTS through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/47>
3.0.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/48>
1.1.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/49>
CVE-2022-4904
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_cares/pulls/12>
3.0.x<https://gitee.com/openharmony/third_party_cares/pulls/11>
CVE-2022-3594
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/100>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/101>
CVE-2023-22995
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-22999
Medium
5.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/733>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/734>
CVE-2023-26545
Medium
6.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2022-47929
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104>
CVE-2022-2873
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104>
CVE-2023-23559
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104>
CVE-2023-1118
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-1118
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2022-1652
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2021-3760
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2021-37576
High
7.8
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/106>
CVE-2023-0461
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-0461
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2023-23455
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104>
CVE-2023-26545
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2022-0480
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2023-1076
Medium
4.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-1073
Medium
6.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/736>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/738>
CVE-2023-1074
Medium
4.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/736>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/738>
CVE-2023-1078
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-1095
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/708>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/709>
CVE-2023-23000
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-23002
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/711>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/712>
CVE-2023-23004
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-23006
High
8.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/713>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/714>
CVE-2023-26607
Medium
5.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/745>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/746>
CVE-2023-0030
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/111>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/112>
CVE-2023-23000
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/117>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/118>
CVE-2023-1252
High
7.0
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/723>
CVE-2023-1390
High
7.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115>
CVE-2023-1078
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115>
CVE-2023-1074
Medium
4.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115>
CVE-2023-28328
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/745>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/746>
CVE-2023-0464
Medium
5.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/95>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/96>
CVE-2023-1637
Low
3.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/758>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/759>
CVE-2023-0465
Medium
5.6
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/99>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/100>
CVE-2023-0466
Medium
5.6
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/99>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/100>
Security Vulnerabilities in April 2023
Published April 4, 2023
Updated April 4, 2023
The following table lists third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For more details, see the security bulletins released by the third parties.
CVE
Severity
CVSS 3.1
Affected OpenHarmony versions
Fix link
CVE-2023-0597
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/705>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/706>
CVE-2022-30787
Medium
6.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1
3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/18>
CVE-2015-20107
High
7.6
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/45>
CVE-2022-33068
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.1.1-LTS through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/47>
3.0.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/48>
1.1.x<https://gitee.com/openharmony/third_party_harfbuzz/pulls/49>
CVE-2022-4904
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_cares/pulls/12>
3.0.x<https://gitee.com/openharmony/third_party_cares/pulls/11>
CVE-2022-3594
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/100>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/101>
CVE-2023-22995
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-22999
Medium
5.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/733>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/734>
CVE-2023-26545
Medium
6.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2022-47929
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104>
CVE-2022-2873
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104>
CVE-2023-23559
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104>
CVE-2023-1118
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-1118
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2022-1652
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2021-3760
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2021-37576
High
7.8
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/106>
CVE-2023-0461
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-0461
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2023-23455
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/103>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/104>
CVE-2023-26545
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2022-0480
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/107>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/108>
CVE-2023-1076
Medium
4.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-1073
Medium
6.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/736>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/738>
CVE-2023-1074
Medium
4.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/736>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/738>
CVE-2023-1078
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-1095
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/708>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/709>
CVE-2023-23000
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-23002
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/711>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/712>
CVE-2023-23004
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/725>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/726>
CVE-2023-23006
High
8.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/713>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/714>
CVE-2023-26607
Medium
5.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/745>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/746>
CVE-2023-0030
High
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/111>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/112>
CVE-2023-23000
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/117>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/118>
CVE-2023-1252
High
7.0
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/723>
CVE-2023-1390
High
7.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115>
CVE-2023-1078
Medium
5.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115>
CVE-2023-1074
Medium
4.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/114>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/115>
CVE-2023-28328
Medium
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/745>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/746>
CVE-2023-0464
Medium
5.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/95>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/96>
CVE-2023-1637
Low
3.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/758>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/759>
CVE-2023-0465
Medium
5.6
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/99>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/100>
CVE-2023-0466
Medium
5.6
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/99>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/100>

07 Mar '23
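Security Vulnerabilities in March 2023
Published 2023.03.07
Last updated 2023.03.07
Vulnerability ID
Related vulnerability
Vulnerability description
Vulnerability impact
CVSS3.1 base score
Affected versions
Affected repositories
Fix link
Reference link
OpenHarmony-SA-2023-0301
CVE-2023-24465
An interface of the communication device service in the WLAN component subsystem has a null pointer dereference when receiving external data.
Local attackers can exploit this vulnerability to cause the current application to crash.
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
communication_wifi
3.1.x<https://gitee.com/openharmony/communication_wifi/pulls/788>
3.0.x<https://gitee.com/openharmony/communication_wifi/pulls/862>
Reported by this project team
OpenHarmony-SA-2023-0302
CVE-2023-25947
The bundle management module has a vulnerability in which validity is not checked when a HAP package is installed.
Local attackers can exploit this vulnerability by constructing invalid data, causing the system to become unresponsive when the HAP package is installed.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
bundlemanager_bundle_framework
3.1.x<https://gitee.com/openharmony/bundlemanager_bundle_framework/pulls/3094>
Reported by this project team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party security bulletins.
CVE
Severity
Affected OpenHarmony versions
Fix link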
CVE-2022-47946
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-2196
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/665>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/666>
CVE-2023-0047
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/631>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/632>
CVE-2023-23559
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>
CVE-2022-3640
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/659>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/660>
CVE-2022-47929
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678>
CVE-2023-0179
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>
CVE-2023-0394
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678>
CVE-2023-23454
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>
CVE-2023-23455
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>
CVE-2023-0590
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/687>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/688>
CVE-2023-0615
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>
CVE-2023-0045
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>
CVE-2023-20938
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>
CVE-2022-3176
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561>
CVE-2023-0045
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/96>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/97>
CVE-2022-3028
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/98>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/99>
CVE-2020-36516
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/682>
CVE-2022-3341
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/74>
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/73>
1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/19>
CVE-2022-4450
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/80>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/81>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/82>
CVE-2023-0286
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86>
CVE-2023-0215
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86>
CVE-2022-4304
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/87>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/88>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/89>
CVE-2021-41751
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/101>
3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/102>
CVE-2021-43453
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/103>
3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/104>
CVE-2022-1304
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51>
3.0.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/52>
CVE-2023-23914
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>
CVE-2023-23915
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>
CVE-2023-23916
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>
CVE-2020-35538
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/250>
3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/251>
CVE-2022-37434
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/248>
Security Vulnerabilities in February 2023
published March 7, 2023
updated March 7, 2023
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2023-0301
CVE-2023-24465
Communication Wi-Fi subsystem has a null pointer reference vulnerability when receiving external data.
Local attackers can exploit this vulnerability to cause the current application to crash.
5.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
communication_wifi
3.1.x<https://gitee.com/openharmony/communication_wifi/pulls/788>
3.0.x<https://gitee.com/openharmony/communication_wifi/pulls/862>
Reported by OpenHarmony Team
OpenHarmony-SA-2023-0302
CVE-2023-25947
The bundle management subsystem has improper input validation when installing a HAP package.
Local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
bundlemanager_bundle_framework
3.1.x<https://gitee.com/openharmony/bundlemanager_bundle_framework/pulls/3094>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-47946
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-2196
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/665>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/666>
CVE-2023-0047
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/631>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/632>
CVE-2023-23559
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>
CVE-2022-3640
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/659>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/660>
CVE-2022-47929
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678>
CVE-2023-0179
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>
CVE-2023-0394
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/677>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/678>
CVE-2023-23454
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>
CVE-2023-23455
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/661>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/662>
CVE-2023-0590
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/687>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/688>
CVE-2023-0615
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>
CVE-2023-0045
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>
CVE-2023-20938
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/696>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/697>
CVE-2022-3176
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561>
CVE-2023-0045
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/96>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/97>
CVE-2022-3028
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/98>
3.0.x<https://gitee.com/openharmony/kernel_linux_4.19/pulls/99>
CVE-2020-36516
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/682>
CVE-2022-3341
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/74>
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/73>
1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/19>
CVE-2022-4450
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/80>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/81>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/82>
CVE-2023-0286
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86>
CVE-2023-0215
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/86>
CVE-2022-4304
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/87>
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/88>
1.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/89>
CVE-2021-41751
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/101>
3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/102>
CVE-2021-43453
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/103>
3.0.x<https://gitee.com/openharmony/third_party_jerryscript/pulls/104>
CVE-2022-1304
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/51>
3.0.x<https://gitee.com/openharmony/third_party_e2fsprogs/pulls/52>
CVE-2023-23914
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>
CVE-2023-23915
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>
CVE-2023-23916
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
OpenHarmony-v1.0.1-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/110>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/111>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/112>
CVE-2020-35538
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/250>
3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/251>
CVE-2022-37434
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.6-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.8-LTS
3.1.x<https://gitee.com/openharmony/third_party_flutter/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_flutter/pulls/248>

07 Feb '23
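Security Vulnerabilities in February 2023
Published 2022.02.07
Last updated 2022.02.07
Vulnerability ID
Related vulnerability
Vulnerability description
Vulnerability impact
CVSS3.1 base score
Affected versions
Affected repositories
Fix link
Reference link
OpenHarmony-SA-2023-0201
CVE-2023-0083
The ArkUI framework subsystem does not type-check input parameters, which leads to type confusion and invalid memory access.
Attackers can launch a local attack, causing the current application to crash.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
arkui_ace_engine
3.1.x<https://gitee.com/openharmony/arkui_ace_engine/pulls/8872>
3.0.x<https://gitee.com/openharmony/arkui_ace_engine/pulls/8877>
Reported by researchers
OpenHarmony-SA-2023-0202
CVE-2023-22301
hmdfs in the kernel subsystem has an arbitrary kernel memory out-of-bounds read vulnerability.
Attackers can launch a remote attack to obtain kernel memory data of the target system.
6.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
kernel_linux_5.10
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/656>
Reported by researchers
OpenHarmony-SA-2023-0203
CVE-2023-22436
The check_permission_for_set_tokenid function in the kernel subsystem has a UAF vulnerability.
Local attackers can exploit this vulnerability to escalate privileges and obtain root privileges.
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
kernel_linux_5.10
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/598>
Reported by researchers
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party security bulletins.
CVE
Severity
Affected OpenHarmony versions
Fix link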
CVE-2022-2347
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/62>
3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/63>
CVE-2022-4135
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-4186
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-4438
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-4437
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-4436
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-41218
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-3424
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-4129
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-42328
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-3643
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-3105
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3104
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3115
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3113
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3112
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3111
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/584>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/585>
CVE-2022-3108
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-3107
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/590>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/591>
CVE-2022-3106
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/592>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/593>
CVE-2022-47519
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-43551
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/99>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/100>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/101>
CVE-2022-43552
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/99>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/100>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/101>
CVE-2022-47518
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-47520
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-47521
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-3109
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/71>
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/72>
1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/18>
CVE-2022-4662
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/608>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/609>
CVE-2022-3890
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-20568
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/629>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/630>
Security Vulnerabilities in February 2023
published February 7, 2023
updated February 7, 2023
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2023-0201
CVE-2023-0083
The ArkUI framework subsystem doesn't check the input parameter, causing type confusion and invalid memory access.
Local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
arkui_ace_engine
3.1.x<https://gitee.com/openharmony/arkui_ace_engine/pulls/8872>
3.0.x<https://gitee.com/openharmony/arkui_ace_engine/pulls/8877>
Reported by researchers
OpenHarmony-SA-2023-0202
CVE-2023-22301
The kernel subsystem hmdfs has an arbitrary memory access vulnerability.
Network attackers can launch a remote attack to obtain kernel memory data of the target system.
6.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
kernel_linux_5.10
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/656>
Reported by researchers
OpenHarmony-SA-2023-0203
CVE-2023-22436
The kernel subsystem function check_permission_for_set_tokenid has a use-after-free (UAF) vulnerability.
Local attackers can exploit this vulnerability to escalate privileges to root.
7.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
kernel_linux_5.10
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/598>
Reported by researchers
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-2347
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/62>
3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/63>
CVE-2022-4135
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-4186
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-4438
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-4437
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-4436
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-41218
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-3424
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-4129
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-42328
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-3643
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/646>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/647>
CVE-2022-3105
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3104
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3115
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3113
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3112
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/579>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/580>
CVE-2022-3111
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/584>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/585>
CVE-2022-3108
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-3107
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/590>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/591>
CVE-2022-3106
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/592>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/593>
CVE-2022-47519
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-43551
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/99>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/100>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/101>
CVE-2022-43552
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/99>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/100>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/101>
CVE-2022-47518
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-47520
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-47521
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-3109
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/71>
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/72>
1.1.x<https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/18>
CVE-2022-4662
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/608>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/609>
CVE-2022-3890
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/546>
CVE-2022-20568
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/629>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/630>

04 Jan '23
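Security Vulnerabilities in January 2023
Published 2022.01.03
Last updated 2022.01.03
Vulnerability ID
Related vulnerability
Vulnerability description
Vulnerability impact
CVSS 3.1 base score
Affected versions
Affected repositories
Fix link
Reference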
OpenHarmony-SA-2023-0101
CVE-2023-0035
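softbus_client_stub in the softbus component of the communication subsystem has a verification bypass vulnerability that allows an SA relay attack.
An attacker can launch a local attack to bypass verification and then escalate privileges to attack other SAs.
6.5
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS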
communication_dsoftbus
3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2140>
Reported by OpenHarmony Team
OpenHarmony-SA-2023-0102
CVE-2023-0036
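platform_callback_stub in the input method component of the misc subsystem has a verification bypass vulnerability that allows an SA relay attack.
An attacker can launch a local attack to bypass verification and then escalate privileges to attack other SAs.
6.5
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS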
inputmethod_imf
3.0.x<https://gitee.com/openharmony/inputmethod_imf/pulls/228>
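Reported by OpenHarmony Team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party advisories.
CVE
Severity
Affected OpenHarmony versions
Fix link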
CVE-2021-3782
Critical
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.0.x<https://gitee.com/openharmony/third_party_wayland_standard/pulls/22>
CVE-2022-3046
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3041
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3040
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3039
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3038
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3057
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3195
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3054
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3075
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3373
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3370
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3311
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3316
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3315
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3304
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-43680
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/23>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/22>
CVE-2022-32221
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-42916
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-42915
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-44638
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_pixman/pulls/11>
3.0.x<https://gitee.com/openharmony/third_party_pixman/pulls/12>
CVE-2022-40284
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/33>
CVE-2022-40303
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31>
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32>
CVE-2022-40304
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31>
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32>
CVE-2022-37454
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/35>
CVE-2022-42919
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/36>
CVE-2022-45061
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/37>
CVE-2020-10735
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/26>
CVE-2022-3169
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561>
CVE-2022-42895
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545>
CVE-2022-42896
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545>
CVE-2022-41858
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/569>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/570>
CVE-2022-45934
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-4139
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/567>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/568>
CVE-2022-20566
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/582>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/583>
CVE-2022-4378
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
Security Vulnerabilities in January 2023
published January 3, 2023
updated January 3, 2023
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2023-0101
CVE-2023-0035
softbus_client_stub in the communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack".
Local attackers can bypass authentication and attack other SAs with high privilege.
6.5
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
communication_dsoftbus
3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2140>
Reported by OpenHarmony Team
OpenHarmony-SA-2023-0102
CVE-2023-0036
platform_callback_stub in the misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack".
Local attackers can bypass authentication and attack other SAs with high privilege.
6.5
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
inputmethod_imf
3.0.x<https://gitee.com/openharmony/inputmethod_imf/pulls/228>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2021-3782
Critical
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.0.x<https://gitee.com/openharmony/third_party_wayland_standard/pulls/22>
CVE-2022-3046
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3041
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3040
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3039
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3038
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3057
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3195
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3054
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3075
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
CVE-2022-3373
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3370
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3311
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3316
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3315
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-3304
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/464>
CVE-2022-43680
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/23>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/22>
CVE-2022-32221
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-42916
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-42915
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/91>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/90>
CVE-2022-44638
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_pixman/pulls/11>
3.0.x<https://gitee.com/openharmony/third_party_pixman/pulls/12>
CVE-2022-40284
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_ntfs-3g/pulls/33>
CVE-2022-40303
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31>
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32>
CVE-2022-40304
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/31>
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/32>
CVE-2022-37454
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/35>
CVE-2022-42919
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/36>
CVE-2022-45061
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/37>
CVE-2020-10735
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/26>
CVE-2022-3169
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/553>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/561>
CVE-2022-42895
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545>
CVE-2022-42896
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/544>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/545>
CVE-2022-41858
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/569>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/570>
CVE-2022-45934
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>
CVE-2022-4139
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/567>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/568>
CVE-2022-20566
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/582>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/583>
CVE-2022-4378
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/586>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/587>

06 Dec '22
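Security Vulnerabilities in December 2022
Published 2022.12.06
Last updated 2022.12.06
Vulnerability ID
Related vulnerability
Vulnerability description
Vulnerability impact
CVSS 3.1 base score
Affected versions
Affected repositories
Fix link
Reference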
OpenHarmony-SA-2022-1201
CVE-2022-45877
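During cross-device authentication, the PIN code is transmitted in plaintext to the peer device for verification, which makes man-in-the-middle attacks easier.
An attacker can launch an attack from the local area network to bypass the permission control mechanism, making man-in-the-middle attacks easier.
8.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release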
distributedhardware_device_manager
applications_hap
security_device_auth
3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915>
3.1.x<https://gitee.com/openharmony/applications_hap/pulls/1364>
3.1.x<https://gitee.com/openharmony/security_device_auth/pulls/351>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1202
CVE-2022-41802
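The system call SysClockGetres in the kernel subsystem kernel_liteos_a has a kernel stack leak vulnerability.
An attacker can launch a local attack that causes 4 bytes of compiler-inserted padding to be mistakenly copied to user space, leaking 4 bytes of kernel stack content.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS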
kernel_liteos_a
3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>
Reported by researchers
OpenHarmony-SA-2022-1203
CVE-2022-45126
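The system call SysClockGettime in the kernel subsystem kernel_liteos_a has a kernel stack leak vulnerability.
An attacker can launch a local attack that causes 4 bytes of compiler-inserted padding to be mistakenly copied to user space, leaking 4 bytes of kernel stack content.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS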
kernel_liteos_a
3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>
Reported by researchers
OpenHarmony-SA-2022-1204
CVE-2022-43662
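The system call SysTimerGettime in the kernel subsystem kernel_liteos_a has a kernel stack leak vulnerability.
An attacker can launch a local attack that causes 4 bytes of compiler-inserted padding to be mistakenly copied to user space, leaking 4 bytes of kernel stack content.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS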
kernel_liteos_a
3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>
Reported by researchers
OpenHarmony-SA-2022-1205
CVE-2022-44455
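The appspawn and nwebspawn services lack input validation and have a memory overflow vulnerability.
An attacker can launch a local attack; a malicious application can escalate privileges or cause the application to crash.
6.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS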
startup_appspawn
3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>
3.0.x<https://gitee.com/openharmony/startup_appspawn/pulls/426>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1206
CVE-2022-45118
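Telephony in the communication subsystem includes personal data when sending common events but does not set any permission on them.
An attacker can launch a local attack; a malicious application can listen for the broadcasts without any permission and obtain information such as phone numbers and SMS data.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release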
telephony_state_registry
telephony_sms_mms
3.1.x<https://gitee.com/openharmony/telephony_state_registry/pulls/224>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/615>
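Reported by OpenHarmony Team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party advisories.
CVE
Severity
Affected OpenHarmony versions
Fix link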
CVE-2022-20422
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-3303
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-42703
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-41222
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-3239
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-20423
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-41850
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-3586
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3625
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-42432
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3633
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3635
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3629
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3623
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3646
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3621
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3567
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-43750
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3545
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3523
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-2602
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3628
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-40768
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3566
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3577
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3606
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3649
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3564
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-20409
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-41849
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-20421
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3435
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42719
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42720
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42721
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42722
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-41674
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3535
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3521
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3524
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3534
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3542
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
CVE-2022-3565
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3594
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
Security Vulnerabilities in December 2022
published December 6, 2022
updated December 6, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-1201
CVE-2022-45877
PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.
Network attackers can bypass the authentication, which reduces the difficulty of man-in-the-middle attacks.
8.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
distributedhardware_device_manager
applications_hap
security_device_auth
3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915>
3.1.x<https://gitee.com/openharmony/applications_hap/pulls/1364>
3.1.x<https://gitee.com/openharmony/security_device_auth/pulls/351>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1202
CVE-2022-41802
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres.
4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS
kernel_liteos_a
3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>
Reported by Researchers
OpenHarmony-SA-2022-1203
CVE-2022-45126
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGettime.
4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS
kernel_liteos_a
3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>
Reported by Researchers
OpenHarmony-SA-2022-1204
CVE-2022-43662
Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysTimerGettime.
4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
4.0
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS
kernel_liteos_a
3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>
Reported by Researchers
OpenHarmony-SA-2022-1205
CVE-2022-44455
The appspawn and nwebspawn services were found to be vulnerable to a buffer overflow due to insufficient input validation.
An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause an application crash.
6.8
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
startup_appspawn
3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>
3.0.x<https://gitee.com/openharmony/startup_appspawn/pulls/426>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1206
CVE-2022-45118
Telephony in communication subsystem sends public events with personal data, but the permission is not set.
Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
telephony_state_registry
telephony_sms_mms
3.1.x<https://gitee.com/openharmony/telephony_state_registry/pulls/224>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/615>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-20422
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-3303
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-42703
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-41222
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-3239
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-20423
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-41850
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>
CVE-2022-3586
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3625
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-42432
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3633
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3635
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3629
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3623
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3646
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3621
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3567
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-43750
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3545
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3523
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-2602
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-3628
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>
CVE-2022-40768
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3566
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3577
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3606
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3649
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-3564
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-20409
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>
CVE-2022-41849
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-20421
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3435
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42719
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42720
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42721
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-42722
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-41674
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3535
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3521
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3524
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3534
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3542
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
CVE-2022-3565
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>
CVE-2022-3594
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

01 Nov '22
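Security Vulnerabilities in November 2022
Published 2022.11.1
Last updated 2022.11.11
Vulnerability ID
Related vulnerability
Vulnerability description
Vulnerability impact
CVSS 3.1 base score
Affected versions
Affected repositories
Fix link
Reference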
OpenHarmony-SA-2022-1101
CVE-2022-43451
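The appspawn and nwebspawn services in the startup subsystem have a path traversal vulnerability.
An attacker can launch a local attack that causes arbitrary path traversal and can escape the sandbox. Combined with other vulnerabilities, this can further lead to obtaining root privileges.
8.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release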
startup_appspawn
3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>
Reported by this project team
OpenHarmony-SA-2022-1102
CVE-2022-43449
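download_server has an arbitrary file read vulnerability.
An attacker can launch a local attack to read any file on the filesystem that download_server can access.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release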
request_request
3.1.x<https://gitee.com/openharmony/request_request/pulls/207>
Reported by this project team
OpenHarmony-SA-2022-1103
CVE-2022-43495
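distributedhardware_device_manager reboots the device when it receives an abnormal packet during device networking.
An attacker can launch an attack from the local area network: sending a malicious packet during device networking can cause a null pointer dereference and a device reboot.
6.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release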
distributedhardware_device_manager
3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/728>
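Reported by this project team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, refer to the third-party advisories.
CVE
Severity
Affected OpenHarmony versions
Fix link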
CVE-2022-2295
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2294
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-26373
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/461>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/495>
CVE-2022-23816
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-29901
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-29900
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-2481
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2480
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2478
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2477
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-30790
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/50>
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/49>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/86/files>
1.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/48>
CVE-2022-1462
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/449>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/490>
CVE-2022-1184
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/474>
3.0.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/475>
CVE-2022-2663
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-39190
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-39189
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-40674
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/20>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/19>
CVE-2022-3202
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>
CVE-2022-3199
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
Security Vulnerabilities in November 2022
published November 1, 2022
updated November 1, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-1101
CVE-2022-43451
Multiple path traversal in appspawn and nwebspawn services.
Local attackers can create arbitrary directories or escape the application sandbox. If chained with other vulnerabilities, it would allow an unprivileged process to gain full root privileges.
8.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
startup_appspawn
3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1102
CVE-2022-43449
Arbitrary file read via download_server.
Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to the download_server service, which runs with UID 1000.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
request_request
3.1.x<https://gitee.com/openharmony/request_request/pulls/207>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1103
CVE-2022-43495
An abnormal packet received when distributedhardware_device_manager is joining a network could cause a device reboot.
Network attackers can send an abnormal packet when joining a network, causing a nullptr reference and a device reboot.
6.5
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
distributedhardware_device_manager
3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/728>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-2295
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2294
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-26373
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/461>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/495>
CVE-2022-23816
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-29901
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-29900
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>
CVE-2022-2481
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2480
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2478
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-2477
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>
CVE-2022-30790
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/50>
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/49>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/86/files>
1.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/48>
CVE-2022-1462
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/449>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/490>
CVE-2022-1184
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/474>
3.0.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/475>
CVE-2022-2663
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-39190
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-39189
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>
CVE-2022-40674
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/20>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/19>
CVE-2022-3202
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>
CVE-2022-3199
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>
Security Vulnerabilities in October 2022
Published October 11, 2022
Updated October 11, 2022
Vulnerability ID
Related vulnerability
Vulnerability description
Vulnerability impact
CVSS 3.1 base score
Affected versions
Affected projects
Fix link
Reference
OpenHarmony-SA-2022-1001
CVE-2022-42488
The param service in the startup subsystem is missing permission validation.
Local attackers can install a malicious application on the device to elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.
8.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
startup_init_lite
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1104>
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1074>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1002
CVE-2022-42464
Kernel memory pool override in /dev/mmz_userdev device driver
If processes with the system UID run on the device, local attackers would be able to mmap memory pools used by the kernel and override them, which could be used to gain kernel code execution on the device, gain root privileges, or cause a device reboot.
6.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hi3516dv300
3.0.x<https://gitee.com/openharmony/device_board_hisilicon/pulls/135>
3.1.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1003
CVE-2022-41686
Out-of-bounds memory read and write in /dev/mmz_userdev device driver.
If processes with the system UID run on the device, local attackers would be able to write out-of-bounds memory, which could lead to unspecified memory corruption.
5.1
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
device_board_hisilicon
device_hisilicon_hispark_taurus
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/287>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-1004
CVE-2022-42463
Softbus_server in the communication subsystem has an authentication bypass vulnerability in a callback handler function.
Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.
8.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
communication_dsoftbus
3.1.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2348>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.
CVE
Severity
Affected OpenHarmony versions
Fix link
CVE-2022-27405
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/32>
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/31>
1.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/30>
CVE-2022-2959
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2991
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2938
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/430>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/434>
CVE-2022-2586
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/427>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2588
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2585
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2503
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/431>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/435>
CVE-2022-20369
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-20368
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2639
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36123
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-36946
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36879
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2327
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-21505
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/368>
CVE-2021-33655
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2021-33656
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/437>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2861
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2860
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2613
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2612
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2610
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2607
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2606
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2624
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2623
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2620
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2619
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2617
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2616
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2615
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2614
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-35737
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_sqlite/pulls/38>
3.0.x<https://gitee.com/openharmony/third_party_sqlite/pulls/37>
CVE-2022-2415
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-1919
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-35252
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/86>
CVE-2022-3028
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2977
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2964
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-39188
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3078
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-2905
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-39842
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3061
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/443>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/444>
CVE-2021-29921
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/19>
CVE-2022-0391
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/23>
CVE-2021-3737
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/20>
CVE-2021-4189
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/21>
CVE-2021-3733
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/22>
CVE-2021-28861
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/24>
CVE-2022-40307
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>

11 Oct '22
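Security Vulnerabilities in October 2022
Published on 2022.10.11
Last updated on 2022.10.11
Vulnerability ID
Related vulnerability
Vulnerability description
Vulnerability impact
CVSS 3.1 base score
Affected versions
Affected repositories
Fix link
Reference link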
OpenHarmony-SA-2022-1001
CVE-2022-42488
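The param service in the startup subsystem lacks permission validation.
Attackers can launch a local attack to obtain root privileges, disable security features, or cause DoS against any service.
8.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release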
startup_init_lite
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1104>
3.1.x<https://gitee.com/openharmony/startup_init_lite/pulls/1074>
Reported by this project team
OpenHarmony-SA-2022-1002
CVE-2022-42464
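The dev/mmz_userdev driver has an illegal kernel memory mapping vulnerability.
Attackers can launch a local attack to illegally map memory and read and write it, which can escalate to root privileges or cause a device reboot. Exploiting this vulnerability requires the system UID.
6.7
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS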
device_board_hisilicon
device_hisilicon_hi3516dv300
3.1.x<https://gitee.com/openharmony/device_board_hisilicon/pulls/135>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87>
Reported by this project team
OpenHarmony-SA-2022-1003
CVE-2022-41686
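The dev/mmz_userdev driver has an out-of-bounds read and write vulnerability.
Attackers can launch a local attack to read and write memory addresses out of bounds, causing memory leakage or a crash. Exploiting this vulnerability requires the system UID.
5.1
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS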
device_board_hisilicon
device_hisilicon_hispark_taurus
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/287>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127>
Reported by this project team
OpenHarmony-SA-2022-1004
CVE-2022-42463
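A callback handler function of the softbus_server service in the communication subsystem has a vulnerability in which no authentication or encryption is required.
Attackers can launch attacks on a distributed network by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.
8.3
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release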
communication_dsoftbus
3.1.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/2348>
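Reported by this project team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party bulletins.
CVE
Severity
Affected OpenHarmony versions
Fix link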
CVE-2022-27405
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/32>
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/31>
1.1.x<https://gitee.com/openharmony/third_party_freetype/pulls/30>
CVE-2022-2959
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2991
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/436>
CVE-2022-2938
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/430>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/434>
CVE-2022-2586
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/427>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2588
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2585
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2503
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/431>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/435>
CVE-2022-20369
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-20368
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-2639
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36123
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/402>
CVE-2022-36946
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-36879
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2327
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2022-21505
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/368>
CVE-2021-33655
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/392>
CVE-2021-33656
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/437>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/369>
CVE-2022-2861
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2860
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2613
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2612
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2610
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2607
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2606
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2624
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2623
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2620
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2619
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2617
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2616
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2615
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-2614
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/web_webview/pulls/274>
CVE-2022-35737
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_sqlite/pulls/38>
3.0.x<https://gitee.com/openharmony/third_party_sqlite/pulls/37>
CVE-2022-2415
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-1919
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/35>
CVE-2022-35252
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/83>
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/85>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/86>
CVE-2022-3028
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2977
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-2964
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/442>
CVE-2022-39188
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3078
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-2905
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-39842
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/477>
CVE-2022-3061
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/443>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/444>
CVE-2021-29921
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/19>
CVE-2022-0391
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/23>
CVE-2021-3737
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/20>
CVE-2021-4189
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/21>
CVE-2021-3733
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/22>
CVE-2021-28861
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
3.1.x<https://gitee.com/openharmony/third_party_python/pulls/24>
CVE-2022-40307
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>