发布于2024.07.02
| CVE | 漏洞描述 | 漏洞影响 | 严重 程度 | 受影响的版本 | 受影响的仓库 | 修复链接 |
|---|---|---|---|---|---|---|
| CVE-2024-31071 | 方舟eTS运行时类型混淆漏洞 | 本地攻击者通过本漏洞造成app crash | 低危 | OpenHarmony-v4.0-Releas | arkcompiler_ets_runtime | |
| CVE-2024-37030 | 方舟eTS运行时释放后使用漏洞 | 远程攻击者通过本漏洞可在任意应用中执行代码 | 高危 | OpenHarmony-v4.0-Releas | arkcompiler_ets_frontend | |
| CVE-2024-36243 | 方舟eTS运行时跨界内存读漏洞 | 远程攻击者通过本漏洞可在任意应用中执行代码 | 高危 | OpenHarmony-v4.0-Releas | arkcompiler_ets_runtime | |
| CVE-2024-36278 | 方舟eTS运行时类型混淆漏洞 | 本地攻击者通过本漏洞造成app crash | 低危 | OpenHarmony-v4.0-Releas | arkcompiler_ets_runtime | |
| CVE-2024-36260 | 方舟eTS运行时跨界内存写漏洞 | 远程攻击者通过本漏洞可在任意应用中执行代码 | 高危 | OpenHarmony-v4.0-Releas | arkcompiler_ets_runtime | |
| CVE-2024-37185 | 方舟eTS运行时跨界内存写漏洞 | 远程攻击者通过本漏洞可在任意应用中执行代码 | 高危 | OpenHarmony-v4.0-Releas | arkcompiler_ets_runtime | |
| CVE-2024-37077 | 方舟eTS运行时跨界内存写漏洞 | 远程攻击者通过本漏洞可在任意应用中执行代码 | 高危 | OpenHarmony-v4.0-Releas | arkcompiler_ets_runtime |
以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本
| CVE | 严重程度 | CVSS 3.1 得分 | 受影响的仓库 | 受影响的OpenHarmony版本 | 修复链接 |
|---|---|---|---|---|---|
| CVE-2021-47474 | 高危 | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2021-47479 | 高危 | 7.1 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2021-47483 | 高危 | 7.1 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2021-47485 | 高危 | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2021-47506 | 高危 | 7.1 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2021-47521 | 高危 | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2022-48655 | 高危 | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2023-52467 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | |
| CVE-2024-26602 | 中危 | 5.5 | OpenHarmony-v4.0-Release | ||
| CVE-2024-26852 | 中危 | 4.6 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2024-26862 | 中危 | 4.6 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | |
| CVE-2024-26883 | 高危 | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2024-26884 | 高危 | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2024-26885 | 高危 | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2024-26901 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2024-26903 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2024-26923 | 低危 | 2.6 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2024-27004 | 中危 | 4.8 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2024-27038 | 低危 | 2.7 | kernel_linux_5.10 | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
| CVE-2024-31755 | 中危 | 5.5 | third_party_cJSON | OpenHarmony-v4.0-Release |
请在合入当月及之前全部已公开安全补丁之后,参考如下各维护版本的安全补丁标签更新方法,更新安全补丁标签至07月。
| 对应维护版本 | 安全补丁修改方式参考链接 |
|---|---|
| 4.1.x | https://gitee.com/openharmony/startup_init/pulls/2895 |
| 4.0.x | https://gitee.com/openharmony/startup_init/pulls/2894 |