发布于2025.03.04

备注：OpenHarmony 5.0阶段各分支中当前仅对OpenHarmony-5.0.2-Release分支进行安全漏洞维护。

CVE	漏洞描述	漏洞影响	CVSS3.1基础得分	受影响的版本	受影响的仓库	修复链接
CVE-2025-0587	arkcompiler_ets_runtime整数溢出漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x 4.1.x
CVE-2025-23234	arkcompiler_ets_runtime栈溢出漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x 4.1.x
CVE-2025-21098	liteos_a内核存在的权限绕过漏洞	本地攻击者可造成信息泄露	5.5	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	kernel_liteos_a	5.0.2.x 4.1.x
CVE-2025-20042	liteos_a内核越界读漏洞	本地攻击者可造成信息泄露	5.5	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	kernel_liteos_a	5.0.2.x 4.1.x
CVE-2025-22443	arkcompiler_ets_runtime越界读漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x 4.1.x
CVE-2025-20021	arkcompiler_ets_runtime越界读漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-21089	arkcompiler_ets_runtime越界读漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-22897	arkcompiler_ets_runtime栈溢出漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-23420	arkcompiler_ets_runtime越界写漏洞	本地攻击者可造成DOS	3.8	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-22835	arkcompiler_ets_runtime越界写漏洞	本地攻击者可造成DOS	3.8	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x 4.1.x
CVE-2025-21084	arkcompiler_ets_runtime空指针解引用漏洞	本地攻击者可造成DOS	3.8	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-22847	arkcompiler_ets_runtime越界读漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-23418	arkcompiler_ets_runtime越界读漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x 4.1.x
CVE-2025-20024	arkcompiler_ets_runtime整数溢出漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-21097	arkcompiler_ets_runtime空指针解引用漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-20081	communication_dsoftbus UAF漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	communication_dsoftbus	5.0.2.x 4.1.x
CVE-2025-23409	communication_dsoftbus UAF漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	communication_dsoftbus	5.0.2.x 4.1.x
CVE-2025-20091	communication_dsoftbus UAF漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	communication_dsoftbus	5.0.2.x 4.1.x
CVE-2025-24301	arkcompiler_ets_runtime UAF漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-24309	arkcompiler_ets_runtime越界写漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-23414	arkcompiler_ets_runtime UAF漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-23240	arkcompiler_ets_runtime越界写漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x 4.1.x
CVE-2025-22837	arkcompiler_ets_runtime空指针解引用漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x 4.1.x
CVE-2025-20011	communication_dsoftbus内存泄露漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	communication_dsoftbus	5.0.2.x 4.1.x
CVE-2025-20626	arkcompiler_ets_runtime UAF漏洞	本地攻击者可在受限场景造成任意代码执行	3.8	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x
CVE-2025-22841	arkcompiler_ets_runtime越界读漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v5.0.2-Release	arkcompiler_ets_runtime	5.0.2.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

CVE	严重程度	CVSS 3.1得分	受影响的仓库	受影响的OpenHarmony版本	修复链接
CVE-2024-56756	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-56698	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-56670	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-56629	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-56616	无	尚未提供	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-56615	高危	7.8	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-56587	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-56586	无	尚未提供	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-56574	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-56569	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-53221	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-53218	无	尚未提供	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-53147	无	尚未提供	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-53144	无	尚未提供	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-53104	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-53099	低危	3.5	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x

以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。

安全补丁标签	链接
2025年03月	[5.0.2.x]
	[4.1.x]