2023年05月安全漏洞

发布于2023.05.09
最后更新于2023.05.09

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

CVE	严重程度	CVSS 3.1得分	受影响的仓库	受影响的OpenHarmony版本	修复链接
CVE-2021-36647	中	4.7	third_party_mbedtls device_hisilicon_hispark_taurus	OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.0.x 3.0.x
CVE-2023-1382	中	5.5	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-0386	中	5.3	kernel_linux_4.19	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1281	高	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-28772	高	7.8	kernel_linux_4.19	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1637	低	3.3	kernel_linux_4.19	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2021-3923	低	3.3	kernel_linux_4.19	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1380	高	7.1	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1582	中	4.7	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2022-48434	高	8.1	third_party_ffmpeg	OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.2.x 3.1.x 3.0.x
CVE-2023-1838	中	5.3	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1838	中	5.3	kernel_linux_4.19	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1855	中	6.3	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-30456	高	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2022-45934	高	7.8	kernel_linux_4.19	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2022-2978	高	7.8	kernel_linux_4.19	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2022-29581	高	7.8	kernel_linux_4.19	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1989	高	7.0	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1829	高	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1990	中	4.8	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1859	中	6.4	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-2004	中	5.3	third_party_freetype	OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.2.x 3.1.x 3.0.x
CVE-2023-2006	高	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-2008	高	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release到OpenHarmony-v3.1.7-Release OpenHarmony-v3.0到OpenHarmony-v3.0.8	3.1.x 3.0.x

Security Vulnerabilities in May 2023

published May 9,2023
updated May 9,2023

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.

CVE	severity	CVSS3.1	affected repository	affected OpenHarmony versions	fix link
CVE-2021-36647	Medium	4.7	third_party_mbedtls device_hisilicon_hispark_taurus	OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.0.x 3.0.x
CVE-2023-1382	Medium	5.5	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-0386	Medium	5.3	kernel_linux_4.19	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1281	High	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-28772	High	7.8	kernel_linux_4.19	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1637	Low	3.3	kernel_linux_4.19	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2021-3923	Low	3.3	kernel_linux_4.19	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1380	High	7.1	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1582	Medium	4.7	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2022-48434	High	8.1	third_party_ffmpeg	OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.2.x 3.1.x 3.0.x
CVE-2023-1838	Medium	5.3	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1838	Medium	5.3	kernel_linux_4.19	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1855	Medium	6.3	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-30456	High	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2022-45934	High	7.8	kernel_linux_4.19	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2022-2978	High	7.8	kernel_linux_4.19	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2022-29581	High	7.8	kernel_linux_4.19	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1989	High	7.0	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1829	High	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1990	Medium	4.8	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-1859	Medium	6.4	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-2004	Medium	5.3	third_party_freetype	OpenHarmony-v3.2-Release OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.2.x 3.1.x 3.0.x
CVE-2023-2006	High	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x
CVE-2023-2008	High	7.8	kernel_linux_5.10	OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release OpenHarmony-v3.0 through OpenHarmony-v3.0.8	3.1.x 3.0.x