发布于2025.02.11

备注：OpenHarmony 5.0阶段各分支中当前仅对OpenHarmony-5.0.2-Release分支进行安全漏洞维护。

CVE	漏洞描述	漏洞影响	CVSS3.1基础得分	受影响的版本	受影响的仓库	修复链接
CVE-2025-0302	liteos_a内核整数溢出漏洞	本地攻击者可通过本漏洞造成DOS	5.5	OpenHarmony-v4.1-Release	kernel_liteos_a	4.1.x
CVE-2025-0303	liteos_a内核堆栈溢出漏洞	本地攻击者可通过本漏洞获取root权限	8.8	OpenHarmony-v4.1-Release	kernel_liteos_a	4.1.x
CVE-2025-0304	liteos_a内核UAF漏洞	本地攻击者可通过本漏洞获取root权限	8.8	OpenHarmony-v4.1-Release	kernel_liteos_a	4.1.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

CVE	严重程度	CVSS 3.1得分	受影响的仓库	受影响的OpenHarmony版本	修复链接
CVE-2024-53142	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-53140	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-53125	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-53124	中危	4.7	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-53079	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-53068	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-53066	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-53063	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-53058	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-53054	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50304	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50302	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50301	低危	2.6	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50290	高危	8.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50268	低危	3.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50262	高危	8.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50258	中危	4.8	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-50256	中危	4.8	kernel_linux_5.10	OpenHarmony-v4.1-Release OpenHarmony-v5.0.2-Release	5.0.2.x 4.1.x
CVE-2024-50237	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50195	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50194	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50192	中危	4.6	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50191	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50150	高危	7.1	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50142	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50135	中危	4.6	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50099	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50089	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-50013	中危	5.7	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-49983	高危	8.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-49975	中危	5.7	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-49949	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-47660	低危	0.0	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-46826	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x
CVE-2024-42098	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.1-Release	4.1.x

以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。

安全补丁标签	链接
2025年02月	[5.0.2.x]
	[4.1.x]