[Security-bulletin] 2026年02月安全公告

6 Feb 2026


      发布于2026.02.06

备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。
CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接
CVE-2026-0639LiteOS_a内存泄露漏洞本地攻击者可造成DOS3.3OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Releasekernel_liteos_a6.0.x 5.1.0.x 5.0.3.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接
CVE-2025-68340无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-68337无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-68336无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-68312无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-68286无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-68264无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-68261无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-68241无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-64506无尚未提供third_party_libpngOpenHarmony-v6.0-Release6.0.x
CVE-2025-40319无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-40308无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-40307无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-40248无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-40220无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-40215无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-40173无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-40109无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2024-35886高危7.8kernel_linux_5.10OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2024-35821中危5.5kernel_linux_5.10OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2024-26935中危5.5kernel_linux_5.10OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2023-53846无尚未提供kernel_linux_5.10OpenHarmony-5.1.0-Release OpenHarmony-6.0-Release OpenHarmony-5.0.3-Release6.0.x 5.1.0.x 5.0.3.x

以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。
对应维护版本安全补丁修改方式参考链接
6.0.xhttps://gitcode.com/openharmony/startup_init/pull/4360
5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4357
5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4359

[Security-bulletin] 2026年02月安全公告

王晨