本次安全公告发布于2023.11.07
| CVE | 漏洞描述 | 漏洞影响 | CVSS3.1得分 | 受影响的版本 | 受影响的仓库 | 修复链接 |
|---|---|---|---|---|---|---|
| CVE-2023-4753 | 内核中系统调用接收用户态参数函数使用错误 | 可导致内核crash | 5.5 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2 | kernel_liteos_a | https://gitee.com/openharmony/kernel_liteos_a/pulls/1177 |
以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本
| CVE | CVSS 3.1 得分 | 严重程度 | 受影响的仓库 | 受影响的OpenHarmony版本 | 修复链接 |
|---|---|---|---|---|---|
| CVE-2023-42753 | 7.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1072 |
| CVE-2023-2163 | 8.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1066 |
| CVE-2023-4863 | 8.8 | 高危 | third_party_chromium | https://gitee.com/openharmony/web_webview/pulls/1009 | |
| CVE-2023-4921 | 7.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1061 |
| CVE-2023-4807 | 7.8 | 高危 | third_party_openssl | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/third_party_openssl/pulls/134 |
| CVE-2023-4763 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/988 |
| CVE-2023-4762 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/988 |
| CVE-2023-4622 | 7 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1056 |
| CVE-2023-4623 | 7.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1056 |
| CVE-2023-4206 | 7.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1056 |
| CVE-2023-4207 | 7.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1056 |
| CVE-2023-4208 | 7.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1056 |
| CVE-2023-4572 | 8.8 | 高危 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/web_webview/pulls/988 |
| CVE-2023-3777 | 7.8 | 高危 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Release | https://gitee.com/openharmony/kernel_linux_5.10/pulls/1061 |
请在合入当月及之前全部已公开安全补丁之后,参考如下各维护版本的安全补丁标签更新方法,更新安全补丁标签至11月。
| 对应维护版本 | 安全补丁修改方式参考链接 |
|---|---|
| 3.2.x | https://gitee.com/openharmony/startup_init/pulls/2330 |