发布于2025.01.07
备注:OpenHarmony 5.0阶段各分支中当前仅对OpenHarmony-5.0.2-Release分支进行安全漏洞维护。
| CVE | 漏洞描述 | 漏洞影响 | CVSS3.1基础得分 | 受影响的版本 | 受影响的仓库 | 修复链接 |
|---|
| CVE-2024-45070 | liteos_a内核越界读漏洞 | 本地攻击者可通过本漏洞造成信息泄露 | 5.5 | OpenHarmony-v4.1-Release | kernel_liteos_a | 4.1.x |
| CVE-2024-47398 | liteos_a内核越界写漏洞 | 本地攻击者可通过本漏洞造成设备无法启动 | 8.8 | OpenHarmony-v4.1-Release | kernel_liteos_a | 4.1.x |
| CVE-2024-54030 | 软总线释放后使用漏洞 | 本地攻击者可通过本漏洞造成DOS | 4.4 | OpenHarmony-v4.1-Release | communication_dsoftbus | 4.1.x |
以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本,详细信息请参考三方公告。
| CVE | 严重程度 | CVSS 3.1得分 | 受影响的仓库 | 受影响的OpenHarmony版本 | 修复链接 |
|---|
| CVE-2024-50154 | 高危 | 7.1 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50138 | 高危 | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50131 | 高危 | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50082 | 中危 | 5.7 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50067 | 高危 | 7.1 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50063 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50058 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50046 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50044 | 中危 | 4.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50038 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50036 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.1.x |
| CVE-2024-50035 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50033 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50028 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50024 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50018 | 高危 | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50015 | 中危 | 5.7 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50014 | 中危 | 4.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50010 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-50006 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49978 | 中危 | 5.7 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49967 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49960 | 高危 | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49959 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49950 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49948 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49940 | 中危 | 4.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49889 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.1.x |
| CVE-2024-49884 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49883 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49882 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49881 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49859 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-49851 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47742 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47740 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47738 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47728 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47726 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47713 | 中危 | 4.6 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47707 | 中危 | 4.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47705 | 中危 | 5.7 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47701 | 高危 | 7.1 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47698 | 高危 | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47697 | 高危 | 8.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47691 | 高危 | 7.1 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47690 | 中危 | 4.6 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47685 | 中危 | 4.3 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47684 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47679 | 中危 | 4.6 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-47678 | 低危 | 3.5 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2024-44986 | 高危 | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2022-48975 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
| CVE-2022-48961 | 低危 | 0.0 | kernel_linux_5.10 | OpenHarmony-v4.1-Release | 4.1.x |
以下是各维护版本的安全补丁标签,请在合入当月及之前全部对应安全补丁之后,更新安全补丁标签。