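Published May 6, 2022

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | Affected versions | Affected repositories | Fix link | Reference |
|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-0501 | NA | The softbus subsystem has a heap overflow vulnerability. | An attacker can launch a local attack that causes out-of-bounds memory access and can gain control of the system. | OpenHarmony-3.0-LTS | communication_dsoftbus | Reported by this project team | |
| OpenHarmony-SA-2022-0502 | NA | The softbus subsystem has a heap overflow vulnerability when receiving TCP messages. | An attacker on the local area network can launch an attack to execute code remotely and gain control of the system. | OpenHarmony-3.0-LTS | communication_dsoftbus | Reported by this project team | |
| OpenHarmony-SA-2022-0503 | NA | The softbus has an out-of-bounds access vulnerability when processing device synchronization messages. | An attacker on the local area network can launch an attack that causes out-of-bounds memory access, resulting in a denial of service (DoS). | OpenHarmony-3.0-LTS | communication_dsoftbus | Reported by this project team | |
| OpenHarmony-SA-2022-0504 | NA | A pointer member of the Lock class has a double-free issue. | An attacker can launch a local attack and gain control of the system. | OpenHarmony-3.0-LTS | global_resmgr_standard | Reported by this project team | |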

Published May 6, 2022

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | Affected versions | Affected projects | Fix link | Reference |
|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-0501 | NA | The softbus subsystem in OpenHarmony has a heap overflow vulnerability. | Local attackers can overwrite the memory and get system control. | OpenHarmony-3.0-LTS | communication_dsoftbus | Reported by OpenHarmony Team | |
| OpenHarmony-SA-2022-0502 | NA | The softbus subsystem in OpenHarmony has a heap overflow vulnerability when receiving a TCP message. | LAN attackers can achieve remote code execution (RCE) and get system control. | OpenHarmony-3.0-LTS | communication_dsoftbus | Reported by OpenHarmony Team | |
| OpenHarmony-SA-2022-0503 | NA | The softbus subsystem in OpenHarmony has an out-of-bounds access vulnerability when handling a synchronized message from another device. | Local attackers can elevate permissions to SYSTEM. | OpenHarmony-3.0-LTS | communication_dsoftbus | Reported by OpenHarmony Team | |
| OpenHarmony-SA-2022-0504 | NA | The class Lock in OpenHarmony has a double free vulnerability. | Local attackers can elevate permissions to SYSTEM. | OpenHarmony-3.0-LTS | global_resmgr_standard | Reported by OpenHarmony Team | |

| CVE | Severity | Affected OpenHarmony versions | Fix link |
|---|---|---|---|
| CVE-2022-0778 | Medium | OpenHarmony-3.0-LTS | |
| CVE-2018-25032 | High | OpenHarmony-1.0-LTS | |
| CVE-2021-28714 | Medium | OpenHarmony-3.0-LTS | |
| CVE-2021-28715 | Medium | OpenHarmony-3.0-LTS | |
| CVE-2022-23222 | High | OpenHarmony-3.0-LTS | |
| CVE-2022-0185 | High | OpenHarmony-3.0-LTS | |
| CVE-2021-22600 | High | OpenHarmony-3.0-LTS | |
| CVE-2022-22942 | High | OpenHarmony-3.0-LTS | |
| CVE-2022-0492 | High | OpenHarmony-3.0-LTS | |
| CVE-2022-24448 | Low | OpenHarmony-3.0-LTS | |
| CVE-2022-0516 | High | OpenHarmony-3.0-LTS | |
| CVE-2022-0617 | Medium | OpenHarmony-3.0-LTS | |
| CVE-2022-0847 | High | OpenHarmony-3.0-LTS | |
| CVE-2022-26490 | High | OpenHarmony-3.0-LTS | |
| CVE-2022-25636 | High | OpenHarmony-3.0-LTS | |
| CVE-2022-26966 | Medium | OpenHarmony-3.0-LTS | |
| CVE-2022-1011 | High | OpenHarmony-3.0-LTS | |
| CVE-2022-27223 | High | OpenHarmony-3.0-LTS | |