Security-bulletin
Security Vulnerabilities in October 2022
Published October 11, 2022
Updated October 11, 2022
| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | Affected Versions | Affected Projects | Fix Link | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-1001 | CVE-2022-42488 | Startup subsystem missed permission validation in param service. | Local attackers can install a malicious application on the device to elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. | 8.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | startup_init_lite | 3.1.x <https://gitee.com/openharmony/startup_init_lite/pulls/1104>; 3.1.x <https://gitee.com/openharmony/startup_init_lite/pulls/1074> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1002 | CVE-2022-42464 | Kernel memory pool override in /dev/mmz_userdev device driver. | If processes with the system UID run on the device, local attackers would be able to mmap memory pools used by the kernel and override them, which could be used to gain kernel code execution on the device, gain root privileges, or cause a device reboot. | 6.7 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | device_board_hisilicon; device_hisilicon_hi3516dv300 | 3.0.x <https://gitee.com/openharmony/device_board_hisilicon/pulls/135>; 3.1.x <https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1003 | CVE-2022-41686 | Out-of-bounds memory read and write in /dev/mmz_userdev device driver. | If processes with the system user UID run on the device, local attackers would be able to write out-of-bounds memory, which could lead to unspecified memory corruption. | 5.1 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | device_board_hisilicon; device_hisilicon_hispark_taurus | 3.1.x <https://gitee.com/openharmony/device_soc_hisilicon/pulls/287>; 3.0.x <https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1004 | CVE-2022-42463 | Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. | Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. | 8.3 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | communication_dsoftbus | 3.1.x <https://gitee.com/openharmony/communication_dsoftbus/pulls/2348> | Reported by OpenHarmony Team |
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.
| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
|---|---|---|---|
| CVE-2022-27405 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_freetype/pulls/32>; 3.0.x <https://gitee.com/openharmony/third_party_freetype/pulls/31>; 1.1.x <https://gitee.com/openharmony/third_party_freetype/pulls/30> |
| CVE-2022-2959 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> |
| CVE-2022-2991 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> |
| CVE-2022-2938 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/430>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/434> |
| CVE-2022-2586 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/427>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2588 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2585 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2503 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/431>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/435> |
| CVE-2022-20369 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-20368 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2639 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2022-36123 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-36946 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2022-36879 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> |
| CVE-2022-2327 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2022-21505 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/368> |
| CVE-2021-33655 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2021-33656 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/437>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> |
| CVE-2022-2861 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2860 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2613 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2612 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2610 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2607 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2606 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2624 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2623 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2620 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2619 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2617 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2616 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2615 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2614 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-35737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_sqlite/pulls/38>; 3.0.x <https://gitee.com/openharmony/third_party_sqlite/pulls/37> |
| CVE-2022-2415 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_chromium/pulls/35> |
| CVE-2022-1919 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_chromium/pulls/35> |
| CVE-2022-35252 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS; OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/83>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/85>; 1.1.x <https://gitee.com/openharmony/third_party_curl/pulls/86> |
| CVE-2022-3028 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-2977 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-2964 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-39188 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-3078 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-2905 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-39842 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-3061 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/443>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/444> |
| CVE-2021-29921 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/19> |
| CVE-2022-0391 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/23> |
| CVE-2021-3737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/20> |
| CVE-2021-4189 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/21> |
| CVE-2021-3733 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/22> |
| CVE-2021-28861 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/24> |
| CVE-2022-40307 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/464> |
11 Oct '22
Security Vulnerabilities in October 2022
Published October 11, 2022
Last updated October 11, 2022
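| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | Affected Versions | Affected Repositories | Fix Link | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-1001 | CVE-2022-42488 | The param service in the startup subsystem lacks permission validation. | Local attackers can obtain root privileges, disable security features, or cause DoS against arbitrary services. | 8.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | startup_init_lite | 3.1.x <https://gitee.com/openharmony/startup_init_lite/pulls/1104>; 3.1.x <https://gitee.com/openharmony/startup_init_lite/pulls/1074> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1002 | CVE-2022-42464 | The dev/mmz_userdev driver has an illegal kernel memory mapping vulnerability. | Local attackers can illegally map memory and read and write it, which can be used to escalate to root privileges or cause a device reboot. Exploiting this vulnerability requires the system UID. | 6.7 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | device_board_hisilicon; device_hisilicon_hi3516dv300 | 3.1.x <https://gitee.com/openharmony/device_board_hisilicon/pulls/135>; 3.0.x <https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1003 | CVE-2022-41686 | The dev/mmz_userdev driver has an out-of-bounds read and write vulnerability. | Local attackers can read and write memory addresses out of bounds, causing memory leaks or crashes. Exploiting this vulnerability requires the system UID. | 5.1 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | device_board_hisilicon; device_hisilicon_hispark_taurus | 3.1.x <https://gitee.com/openharmony/device_soc_hisilicon/pulls/287>; 3.0.x <https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127> | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1004 | CVE-2022-42463 | A callback handler function of the softbus_server service in the communication subsystem has a vulnerability in which no authentication or encryption is required. | Attackers can launch attacks on a distributed network by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. | 8.3 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | communication_dsoftbus | 3.1.x <https://gitee.com/openharmony/communication_dsoftbus/pulls/2348> | Reported by OpenHarmony Team |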
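The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party advisories.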
| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
|---|---|---|---|
| CVE-2022-27405 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_freetype/pulls/32>; 3.0.x <https://gitee.com/openharmony/third_party_freetype/pulls/31>; 1.1.x <https://gitee.com/openharmony/third_party_freetype/pulls/30> |
| CVE-2022-2959 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> |
| CVE-2022-2991 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> |
| CVE-2022-2938 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/430>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/434> |
| CVE-2022-2586 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/427>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2588 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2585 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2503 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/431>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/435> |
| CVE-2022-20369 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-20368 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2639 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2022-36123 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-36946 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2022-36879 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> |
| CVE-2022-2327 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2022-21505 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/368> |
| CVE-2021-33655 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2021-33656 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/437>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> |
| CVE-2022-2861 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2860 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2613 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2612 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2610 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2607 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2606 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2624 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2623 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2620 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2619 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2617 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2616 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2615 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2614 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-35737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_sqlite/pulls/38>; 3.0.x <https://gitee.com/openharmony/third_party_sqlite/pulls/37> |
| CVE-2022-2415 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_chromium/pulls/35> |
| CVE-2022-1919 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_chromium/pulls/35> |
| CVE-2022-35252 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS; OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/83>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/85>; 1.1.x <https://gitee.com/openharmony/third_party_curl/pulls/86> |
| CVE-2022-3028 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-2977 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-2964 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-39188 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-3078 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-2905 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-39842 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-3061 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/443>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/444> |
| CVE-2021-29921 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/19> |
| CVE-2022-0391 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/23> |
| CVE-2021-3737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/20> |
| CVE-2021-4189 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/21> |
| CVE-2021-3733 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/22> |
| CVE-2021-28861 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/24> |
| CVE-2022-40307 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/464> |
OpenHarmony Security Vulnerabilities in September 2022
by OpenHarmony-CNA 06 Sep '22
Security Vulnerabilities in September 2022
Published September 6, 2022
Last updated September 6, 2022
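| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | Affected Versions | Affected Repositories | Fix Link | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-0901 | CVE-2022-36423 | A misconfiguration of the cJSON library causes a stack overflow vulnerability during recursive parsing. | Attackers on the local area network can launch DoS attacks against devices on the network, causing process crashes. | 7.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS; OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS | third_party_cJSON | 3.1.x; 3.1.x; 3.0.x; 3.0.x; 1.1.x; 1.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0902 | CVE-2022-38081 | The tokensync system service in the security subsystem has a vulnerability that allows bypassing the permission check on callers. | Attackers on the local area network can bypass distributed-call permission control. Exploiting this vulnerability requires an additional vulnerability that grants system privileges. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | security_access_token | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0903 | CVE-2022-38701 | The IPC interface of the distributed softbus module in the communication subsystem has a heap memory leak vulnerability. | Attackers on the local area network can bypass distributed-call permission control. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS | communication_dsoftbus | 3.1.x; 3.0.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0904 | CVE-2022-38064 | The windowmanager system service has a vulnerability that allows bypassing the permission check on callers. | Local attackers can bypass the permission control mechanism and obtain sensitive device information. | 6.2 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | windowmanager | 3.1.x | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0905 | CVE-2022-38700 | The camera service in the multimedia subsystem has a vulnerability that allows bypassing the permission check on callers. | Attackers on the local area network can bypass the permission control mechanism and access the camera service. | 8.8 | OpenHarmony-v3.1-Release | multimedia_camera_standard | 3.1.x | Reported by OpenHarmony Team |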
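The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party advisories.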
CVE
严重程度
受影响的OpenHarmony版本
修复链接
CVE-2022-34918
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-33981
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-33743
低
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-33742
低
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-33741
低
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-33740
低
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-32981
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32296
低
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32250
高
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-29582
高
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-27666
高
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS
3.0.x
CVE-2022-26365
低
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-2380
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-2318
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-2153
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-21499
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-21166
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-21125
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-21123
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-20154
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-20153
中
OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-20141
高
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-20132
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-20009
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x
CVE-2022-1998
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1975
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1972
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1852
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-1836
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1789
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-1652
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-1508
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1205
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1204
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1198
Medium
OpenHarmony-v3.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.1.x
3.0.x
CVE-2022-0644
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2021-45868
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x
CVE-2021-4135
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2021-33061
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2021-28713
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2021-28712
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2021-28711
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2021-26401
Medium
OpenHarmony-v3.1-Release
3.1.x
CVE-2022-37434
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.1-LTS through OpenHarmony-v1.1.5-LTS
3.1.x
3.0.x
1.1.x
CVE-2022-1587
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-1586
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-2097
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-2068
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30789
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30788
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30787
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30786
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30785
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30784
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30783
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2021-46790
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-32215
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-32213
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-32212
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-2097
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2021-46822
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-2122
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1925
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1924
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1923
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1922
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1921
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1920
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-34835
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-30767
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-30552
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32208
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32207
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32206
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32205
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
Security Vulnerabilities in September 2022
published September 6, 2022
updated September 6, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
CVSS3.1 Base Score
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-0901
CVE-2022-36423
Incorrect configuration of the cJSON library leads to a stack overflow vulnerability during recursive parsing.
LAN attackers can launch a DoS attack against all network devices.
7.4
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS
third_party_cJSON
3.1.x
3.1.x
3.0.x
3.0.x
1.1.x
1.1.x
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0902
CVE-2022-38081
Tokensync in security subsystem has a permission bypass vulnerability.
LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
security_access_token
3.1.x
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0903
CVE-2022-38701
IPC in communication subsystem has a heap overflow vulnerability.
Local attackers can trigger a heap overflow and get network sensitive information.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
communication_dsoftbus
3.1.x
3.0.x
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0904
CVE-2022-38064
windowmanager in window subsystem has a permission bypass vulnerability.
Local attackers can bypass permission control and get sensitive information.
6.2
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
windowmanager
3.1.x
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0905
CVE-2022-38700
multimedia subsystem has a permission bypass vulnerability.
LAN attackers can bypass permission control and get control of camera service.
8.8
OpenHarmony-v3.1-Release
multimedia_camera_standard
3.1.x
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-34918
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-33981
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-33743
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-33742
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-33741
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-33740
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-32981
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32296
Low
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32250
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-29582
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-27666
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x
CVE-2022-26365
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-2380
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-2318
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-2153
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-21499
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-21166
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-21125
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-21123
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-20154
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-20153
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-20141
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-20132
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-20009
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x
CVE-2022-1998
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1975
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1972
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1852
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-1836
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1789
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-1652
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2022-1508
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1205
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1204
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1198
Medium
OpenHarmony-v3.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.1.x
3.0.x
CVE-2022-0644
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2021-45868
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x
CVE-2021-4135
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2021-33061
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2021-28713
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2021-28712
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2021-28711
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.0.x
CVE-2021-26401
Medium
OpenHarmony-v3.1-Release
3.1.x
CVE-2022-37434
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.1-LTS through OpenHarmony-v1.1.5-LTS
3.1.x
3.0.x
1.1.x
CVE-2022-1587
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-1586
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-2097
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-2068
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30789
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30788
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30787
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30786
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30785
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30784
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-30783
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2021-46790
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-32215
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-32213
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-32212
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-2097
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2021-46822
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.1.x
CVE-2022-2122
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1925
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1924
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1923
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1922
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1921
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-1920
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-34835
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-30767
Critical
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-30552
High
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32208
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32207
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32206
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
CVE-2022-32205
Medium
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
3.1.x
3.0.x
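Security Vulnerabilities in August 2022
published August 2, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-0801
NA
DecodeUCS2Data in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability.
Attackers on the network can access illegal memory and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
telephony_sms_mms
3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0802
NA
DecodeGSMData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability.
Attackers on the network can access illegal memory and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
telephony_sms_mms
3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0803
NA
DecodeAddress in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability.
Attackers on the network can access illegal memory and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
telephony_sms_mms
3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0804
NA
Decode8bitData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability.
Attackers on the network can access illegal memory and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
telephony_sms_mms
3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0806
NA
The SendMessage interface of the distributed soft bus component in the communication subsystem has a vulnerability that allows permission control to be bypassed.
Local attackers can bypass the permission control mechanism and then write arbitrary data to devices on the LAN.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
communication_dsoftbus
3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/1668>
Reported by OpenHarmony Team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party bulletins.
CVE
severity
affected OpenHarmony versions
fix link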
CVE-2022-1729
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/255>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/299>
CVE-2022-29581
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/255>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/299>
CVE-2022-20008
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1195
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1516
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-30594
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1012
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/237>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/224>
CVE-2022-29824
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/23>
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/21>
CVE-2022-1475
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/41>
3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/36>
CVE-2022-27406
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/17>
[3.1.x]not fixed
CVE-2022-27404
Critical
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/17>
[3.1.x]not fixed
CVE-2022-1974
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/302>
CVE-2022-1734
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1199
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/333>
CVE-2022-1966
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/258>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/332>
CVE-2022-1786
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/258>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/332>
CVE-2022-1280
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/233>
CVE-2022-45868
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/233>
Security Vulnerabilities in August 2022
published August 2, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-0801
NA
DecodeUCS2Data in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability.
Network attackers can access illegal memory and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
telephony_sms_mms
3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0802
NA
DecodeGSMData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability.
Network attackers can access illegal memory and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
telephony_sms_mms
3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0803
NA
DecodeAddress in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability.
Network attackers can access illegal memory and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
telephony_sms_mms
3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0804
NA
Decode8bitData in the telephony_sms_mms component of the telephony subsystem has a DoS vulnerability.
Network attackers can access illegal memory and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
telephony_sms_mms
3.0.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/404>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/355>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0806
NA
SendMessage in dsoftbus in communication subsystem has a permission bypass vulnerability.
Local attackers can bypass the permission check, and write any data into network devices.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
communication_dsoftbus
3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/1668>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-1729
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/255>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/299>
CVE-2022-29581
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/255>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/299>
CVE-2022-20008
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1195
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1516
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-30594
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/241>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1012
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/237>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/224>
CVE-2022-29824
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/third_party_libxml2/pulls/23>
3.1.x<https://gitee.com/openharmony/third_party_libxml2/pulls/21>
CVE-2022-1475
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/41>
3.1.x<https://gitee.com/openharmony/third_party_ffmpeg/pulls/36>
CVE-2022-27406
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/17>
[3.1.x]not fixed
CVE-2022-27404
Critical
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/third_party_freetype/pulls/17>
[3.1.x]not fixed
CVE-2022-1974
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/302>
CVE-2022-1734
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-1199
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/260>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/333>
CVE-2022-1966
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/258>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/332>
CVE-2022-1786
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS
OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/258>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/332>
CVE-2022-1280
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/233>
CVE-2022-45868
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/233>
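Security Vulnerabilities in July 2022
published July 5, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-0701
NA
The Bluetooth component of the communication subsystem has a DoS vulnerability that crashes the process.
Local attackers can drive the code into an extremely large loop and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
communication_bluetooth
3.0.x<https://gitee.com/openharmony/communication_bluetooth/pulls/179>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0702
NA
The update package installation component of the update subsystem has a null pointer dereference that crashes the process.
Local attackers can pass in a null pointer and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
update_updater
3.0.x<https://gitee.com/openharmony/update_updater/pulls/101>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0703
NA
The soft bus in the communication subsystem has a verification bypass vulnerability that allows an SA relay attack.
Local attackers can bypass permissions and gain control of the system.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
communication_dsoftbus
3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/142>
Reported by OpenHarmony Team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party bulletins.
CVE
severity
affected OpenHarmony versions
fix link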
CVE-2022-1292
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/48>
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/49>
CVE-2022-27781
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/63>
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/61>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/60>
CVE-2022-27782
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/63>
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/61>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/60>
CVE-2022-0168
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/218>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0330
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/218>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0001
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/202>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0002
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/202>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-23960
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/201>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0322
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/201>
CVE-2021-32078
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2021-38205
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2021-38166
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2021-42739
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2022-0854
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/194>
CVE-2022-23037
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23039
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23040
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23038
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23041
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23042
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23036
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-0998
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2021-4203
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-39633
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-46283
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-4149
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-4204
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/163>
CVE-2021-3640
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-3669
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-3759
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-3752
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2020-27820
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-43976
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-43975
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4001
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4002
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4037
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2020-12363
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2020-12364
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-39685
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4083
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-45095
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-44733
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-45469
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4197
中
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-45480
中
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4155
低
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4202
高
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
Security Vulnerabilities in July 2022
published July 5, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-0701
NA
The bluetooth in communication subsystem has a DoS vulnerability.
Local attackers can trigger a large loop and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
communication_bluetooth
3.0.x<https://gitee.com/openharmony/communication_bluetooth/pulls/179>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0702
NA
The updater in update subsystem has a null pointer reference vulnerability.
Local attackers can input a nullptr and crash the process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
update_updater
3.0.x<https://gitee.com/openharmony/update_updater/pulls/101>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0703
NA
The dsoftbus in communication subsystem has an authentication bypass vulnerability which allows an "SA relay attack".
Local attackers can bypass authentication and get system control.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
communication_dsoftbus
3.0.x<https://gitee.com/openharmony/communication_dsoftbus/pulls/142>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-1292
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/third_party_openssl/pulls/48>
3.1.x<https://gitee.com/openharmony/third_party_openssl/pulls/49>
CVE-2022-27781
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/63>
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/61>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/60>
CVE-2022-27782
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS
3.0.x<https://gitee.com/openharmony/third_party_curl/pulls/63>
3.1.x<https://gitee.com/openharmony/third_party_curl/pulls/61>
1.1.x<https://gitee.com/openharmony/third_party_curl/pulls/60>
CVE-2022-0168
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/218>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0330
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/218>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0001
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/202>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0002
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/202>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-23960
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/201>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2022-0322
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/201>
CVE-2021-32078
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2021-38205
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2021-38166
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2021-42739
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/198>
CVE-2022-0854
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/194>
CVE-2022-23037
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23039
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23040
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23038
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23041
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23042
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-23036
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/190>
CVE-2022-0998
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
OpenHarmony-v3.1-Release
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/214>
CVE-2021-4203
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-39633
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-46283
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-4149
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-4204
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/163>
CVE-2021-3640
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-3669
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-3759
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-3752
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2020-27820
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-43976
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-43975
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4001
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4002
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4037
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2020-12363
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2020-12364
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-39685
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4083
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-45095
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-44733
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-45469
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4197
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-45480
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4155
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
CVE-2021-4202
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/144>
Security Vulnerabilities in June 2022
published June 6, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-0601
NA
The event notification subsystem bypasses the authentication mechanism when deserializing an object.
Attackers can launch a local attack to bypass permission checks and crash the server process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
notification_ces_standard
Link<https://gitee.com/openharmony/notification_common_event_service/pulls/269>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0602
NA
The event notification subsystem has a verification bypass vulnerability that allows an SA relay attack.
Attackers can launch a local attack to bypass verification and gain control of the system.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
notification_ces_standard
Link<https://gitee.com/openharmony/notification_common_event_service/pulls/245>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0603
NA
The update service component has a verification bypass vulnerability that allows an SA relay attack.
Attackers can launch a local attack to bypass verification and gain control of the system.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
update_updateservice
Link<https://gitee.com/openharmony/update_updateservice/pulls/115>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0604
NA
The multimedia subsystem has a verification bypass vulnerability that allows an SA relay attack.
Attackers can launch a local attack to bypass verification and gain control of the system.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
multimedia_media_standard
Link<https://gitee.com/openharmony/multimedia_media_standard/pulls/567>
Reported by OpenHarmony Team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party bulletins.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-25313
Medium
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25314
High
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25315
Medium
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25235
High
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25236
Critical
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-23308
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS
Link<https://gitee.com/openharmony/third_party_libxml2/pulls/11>
CVE-2022-25375
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-25258
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-0435
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-24959
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2021-44879
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-24958
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2021-45402
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2021-4160
Medium
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_openssl/pulls/29>
CVE-2022-0778
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/third_party_openssl/pulls/34>
CVE-2022-0886
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/143>
CVE-2022-1055
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-0995
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2021-39698
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-0494
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-1048
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-1016
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2021-39686
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-0500
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/163>
CVE-2022-28390
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28389
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28388
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28893
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-1353
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-29156
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28356
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2019-16089
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4156
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_libsnd/pulls/10>
CVE-2022-22576
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2022-27775
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2022-27776
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2022-27774
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2021-3520
Critical
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS
Link<https://gitee.com/openharmony/third_party_lz4/pulls/2>
CVE-2021-44732
Critical
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_mbedtls/pulls/31>
CVE-2021-36690
High
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_sqlite/pulls/4>
CVE-2021-3732
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-22570
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS
Link<https://gitee.com/openharmony/third_party_protobuf/pulls/26>
CVE-2021-22569
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS
Link<https://gitee.com/openharmony/third_party_protobuf/pulls/27>
Security Vulnerabilities in June 2022
published June 6, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-0601
NA
The notification subsystem in OpenHarmony has an authentication bypass vulnerability when deserializing an object.
Local attackers can bypass authentication and crash the server process.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
notification_ces_standard
Link<https://gitee.com/openharmony/notification_common_event_service/pulls/269>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0602
NA
The notification subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack".
Local attackers can bypass authentication and get system control.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
notification_ces_standard
Link<https://gitee.com/openharmony/notification_common_event_service/pulls/245>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0603
NA
The updateservice in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack".
Local attackers can bypass authentication and get system control.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
update_updateservice
Link<https://gitee.com/openharmony/update_updateservice/pulls/115>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0604
NA
The multimedia subsystem in OpenHarmony has an authentication bypass vulnerability which allows an "SA relay attack".
Local attackers can bypass authentication and get system control.
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
multimedia_media_standard
Link<https://gitee.com/openharmony/multimedia_media_standard/pulls/567>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-25313
Medium
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25314
High
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25315
Medium
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25235
High
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-25236
Critical
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_expat/pulls/10>
CVE-2022-23308
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS
Link<https://gitee.com/openharmony/third_party_libxml2/pulls/11>
CVE-2022-25375
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-25258
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-0435
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-24959
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2021-44879
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2022-24958
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2021-45402
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/146>
CVE-2021-4160
Medium
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_openssl/pulls/29>
CVE-2022-0778
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/third_party_openssl/pulls/34>
CVE-2022-0886
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/143>
CVE-2022-1055
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-0995
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2021-39698
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-0494
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-1048
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-1016
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2021-39686
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/175>
CVE-2022-0500
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/163>
CVE-2022-28390
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28389
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28388
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28893
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-1353
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-29156
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2022-28356
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/181>
CVE-2019-16089
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/152>
CVE-2021-4156
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_libsnd/pulls/10>
CVE-2022-22576
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2022-27775
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2022-27776
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2022-27774
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS and OpenHarmony-v3.1-Release
Link<https://gitee.com/openharmony/third_party_curl/pulls/52>
CVE-2021-3520
Critical
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS
Link<https://gitee.com/openharmony/third_party_lz4/pulls/2>
CVE-2021-44732
Critical
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_mbedtls/pulls/31>
CVE-2021-36690
High
OpenHarmony-v3.0-LTS and OpenHarmony-v3.0.1-LTS
Link<https://gitee.com/openharmony/third_party_sqlite/pulls/4>
CVE-2021-3732
Low
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.3-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/180>
CVE-2021-22570
High
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS
Link<https://gitee.com/openharmony/third_party_protobuf/pulls/26>
CVE-2021-22569
Medium
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.2-LTS
Link<https://gitee.com/openharmony/third_party_protobuf/pulls/27>
Security Vulnerabilities in May 2022
published May 6, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-0501
NA
The softbus subsystem has a heap overflow vulnerability.
Attackers can launch a local attack that causes out-of-bounds memory access and can gain control of the system.
OpenHarmony-3.0-LTS
communication_dsoftbus
Link<https://gitee.com/openharmony/communication_dsoftbus/pulls/1198>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0502
NA
The softbus subsystem has a heap overflow vulnerability when receiving TCP messages.
Attackers can launch an attack from within the LAN, execute code remotely, and gain control of the system.
OpenHarmony-3.0-LTS
communication_dsoftbus
Link<https://gitee.com/openharmony/communication_dsoftbus/pulls/1113>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0503
NA
The softbus has an out-of-bounds access vulnerability when handling device synchronization messages.
Attackers can launch an attack from within the LAN that causes out-of-bounds memory access, resulting in DoS.
OpenHarmony-3.0-LTS
communication_dsoftbus
Link<https://gitee.com/openharmony/communication_dsoftbus/pulls/1369>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0504
NA
A pointer member of the Lock class has a double-free issue.
Attackers can launch a local attack and can gain control of the system.
OpenHarmony-3.0-LTS
global_resmgr_standard
Link<https://gitee.com/openharmony/global_resmgr_standard/pulls/136>
Reported by OpenHarmony Team
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party bulletins.
CVE
severity
affected OpenHarmony versions
fix link
CVE-2022-0778
Medium
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/third_party_openssl/pulls/34>
CVE-2018-25032
High
OpenHarmony-1.0-LTS
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/third_party_zlib/pulls/31>
Link<https://gitee.com/openharmony/third_party_zlib/pulls/30>
CVE-2021-28714
Medium
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/06639c05f98d596690a9…>
CVE-2021-28715
Medium
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/2938e8ac18d248567afe…>
CVE-2022-23222
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/4e695c44106d3f0f9908…>
CVE-2022-0185
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/76a954013f985828558d…>
CVE-2021-22600
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/214329f8032e15f72d39…>
CVE-2022-22942
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/9a967f71164cf3b3fc78…>
CVE-2022-0492
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/ea8f5c0c115c8c61a76b…>
CVE-2022-24448
Low
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/9e4a6ed92bb4e0b964c5…>
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/af9e3d1a2dc61aa346e3…>
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/51fef9de52b5b1431cac…>
CVE-2022-0516
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/8ba71b83e7acfbbf351d…>
CVE-2022-0617
Medium
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/999c29733c45ac8864c6…>
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/7d65b9dbe4277bac42eb…>
CVE-2022-0847
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/b4e786c8ebae053b2158…>
CVE-2022-26490
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/141>
CVE-2022-25636
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/62e62125967779009361…>
CVE-2022-26966
Medium
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/4b80b2d8eba4d9df430b…>
CVE-2022-1011
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/013bad7096d7bee6a3be…>
CVE-2022-27223
High
OpenHarmony-3.0-LTS
Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/5939446d63ddecefdbe3…>
Security Vulnerabilities in May 2022
published May 6, 2022
Vulnerability ID
related Vulnerability
Vulnerability Description
Vulnerability Impact
affected versions
affected projects
fix link
reference
OpenHarmony-SA-2022-0501
NA
The softbus subsystem in OpenHarmony has a heap overflow vulnerability.
Local attackers can overwrite the memory and get system control.
OpenHarmony-3.0-LTS
communication_dsoftbus
Link<https://gitee.com/openharmony/communication_dsoftbus/pulls/1198>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0502
NA
The softbus subsystem in OpenHarmony has a heap overflow vulnerability when receiving a TCP message.
LAN attackers can achieve remote code execution (RCE) and get system control.
OpenHarmony-3.0-LTS
communication_dsoftbus
Link<https://gitee.com/openharmony/communication_dsoftbus/pulls/1113>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0503
NA
The softbus subsystem in OpenHarmony has an out-of-bounds access vulnerability when handling a synchronized message from another device.
Local attackers can elevate permissions to SYSTEM.
OpenHarmony-3.0-LTS
communication_dsoftbus
Link<https://gitee.com/openharmony/communication_dsoftbus/pulls/1369>
Reported by OpenHarmony Team
OpenHarmony-SA-2022-0504
NA
The class Lock in OpenHarmony has a double free vulnerability.
Local attackers can elevate permissions to SYSTEM.
OpenHarmony-3.0-LTS
global_resmgr_standard
Link<https://gitee.com/openharmony/global_resmgr_standard/pulls/136>
Reported by OpenHarmony Team
The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.
| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
| --- | --- | --- | --- |
| CVE-2022-0778 | Medium | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/third_party_openssl/pulls/34> |
| CVE-2018-25032 | High | OpenHarmony-1.0-LTS; OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/third_party_zlib/pulls/31>; Link<https://gitee.com/openharmony/third_party_zlib/pulls/30> |
| CVE-2021-28714 | Medium | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/06639c05f98d596690a9…> |
| CVE-2021-28715 | Medium | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/2938e8ac18d248567afe…> |
| CVE-2022-23222 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/4e695c44106d3f0f9908…> |
| CVE-2022-0185 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/76a954013f985828558d…> |
| CVE-2021-22600 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/214329f8032e15f72d39…> |
| CVE-2022-22942 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/9a967f71164cf3b3fc78…> |
| CVE-2022-0492 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/ea8f5c0c115c8c61a76b…> |
| CVE-2022-24448 | Low | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/9e4a6ed92bb4e0b964c5…>; Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/af9e3d1a2dc61aa346e3…>; Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/51fef9de52b5b1431cac…> |
| CVE-2022-0516 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/8ba71b83e7acfbbf351d…> |
| CVE-2022-0617 | Medium | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/999c29733c45ac8864c6…>; Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/7d65b9dbe4277bac42eb…> |
| CVE-2022-0847 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/b4e786c8ebae053b2158…> |
| CVE-2022-26490 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/141> |
| CVE-2022-25636 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/62e62125967779009361…> |
| CVE-2022-26966 | Medium | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/4b80b2d8eba4d9df430b…> |
| CVE-2022-1011 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/013bad7096d7bee6a3be…> |
| CVE-2022-27223 | High | OpenHarmony-3.0-LTS | Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/5939446d63ddecefdbe3…> |