Published 2024.04.02

CVE | Vulnerability description | Impact | Severity | Affected versions | Affected repository | Fix link |
---|---|---|---|---|---|---|
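CVE-2024-21834 | Arkui type confusion vulnerability | A local attacker can cause an app crash through this vulnerability | Low | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | arkui_ace_engine | |
CVE-2024-22177 | Audio improper permission management vulnerability | A local attacker can cause an app crash through this vulnerability | Low | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | multimedia_audio_framework | |
CVE-2024-22098 | AVSession use-after-free vulnerability | A local attacker can execute code in any application through this vulnerability | Medium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | multimedia_av_session | |
CVE-2024-22180 | Camera use-after-free vulnerability | A local attacker can cause a DoS through this vulnerability | Low | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | multimedia_camera_framework | |
CVE-2024-29074 | Telephony insufficient input parameter validation vulnerability | A local attacker can execute code in any application through this vulnerability | Medium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | telephony_cellular_call | |
CVE-2024-22092 | Bundle manager improper permission management vulnerability | A remote attacker can bypass controls and install applications through this vulnerability, but interaction from a local user is required | High | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | bundlemanager_bundle_framework | |
CVE-2024-24581 | Ark eTS runtime out-of-bounds write vulnerability | A local attacker can execute code in any application through this vulnerability | Medium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | |
CVE-2024-28226 | File system insufficient input parameter validation vulnerability | A remote attacker can cause a DoS through this vulnerability | High | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | kernel_linux_5.10 | |
CVE-2024-28951 | Ark eTS runtime use-after-free vulnerability | A local attacker can execute code in pre-installed applications through this vulnerability | Medium | OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | |
CVE-2024-29086 | Ark eTS runtime stack overflow vulnerability | A local attacker can cause a DoS through this vulnerability | Low | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | arkcompiler_ets_runtime | |

The following are vulnerabilities in third-party libraries; only the CVE, severity, and affected OpenHarmony versions are provided.

CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony versions | Fix link |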
---|---|---|---|---|---|
CVE-2024-0641 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2022-48619 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2023-39197 | Medium | 4.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-0584 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2023-46343 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-23851 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-23850 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-23849 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-0639 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-0775 | High | 7.1 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2023-51043 | High | 7.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2023-52340 | High | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2023-46838 | High | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2022-2503 | Medium | 6.7 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2014-0069 | High | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-1086 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2015-5157 | High | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2021-46958 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-25062 | High | 7.5 | third_party_libxml2 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-24806 | Critical | 9.8 | third_party_libuv | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-22195 | Medium | 6.1 | third_party_jinja2 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-0814 | Medium | 6.5 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2024-0810 | Medium | 4.3 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |
CVE-2023-6040 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release, OpenHarmony-v4.0-Release | |

After merging all security patches disclosed in this month and earlier, refer to the security patch label update method for each maintained version below and update the security patch label to April (04).

Maintained version | Reference link for the security patch change |
---|---|
3.2.x | https://gitee.com/openharmony/startup_init/pulls/2633 |
4.0.x |