Published October 11, 2022
Updated October 11, 2022

| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | Affected Versions | Affected Projects | Fix Link | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-1001 | CVE-2022-42488 | Startup subsystem missed permission validation in param service. | Local attackers can install a malicious application on the device to elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. | 8.4 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | startup_init_lite | | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1002 | CVE-2022-42464 | Kernel memory pool override in /dev/mmz_userdev device driver. | If the processes with system UID run on the device, local attackers would be able to mmap memory pools used by the kernel and override them, which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. | 6.7 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | device_board_hisilicon | | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1003 | CVE-2022-41686 | Out-of-bound memory read and write in /dev/mmz_userdev device driver. | If the processes with system user UID run on the device, local attackers would be able to write out-of-bound memory, which could lead to unspecified memory corruption. | 5.1 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | device_board_hisilicon | | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-1004 | CVE-2022-42463 | Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. | Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. | 8.3 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | communication_dsoftbus | | Reported by OpenHarmony Team |

| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
|---|---|---|---|
| CVE-2022-27405 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release | |
| CVE-2022-2959 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2991 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2938 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2586 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2588 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2585 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2503 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-20369 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-20368 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2639 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-36123 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-36946 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-36879 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2327 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-21505 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2021-33655 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2021-33656 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2861 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2860 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2613 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2612 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2610 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2607 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2606 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2624 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2623 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2620 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2619 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2617 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2616 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2615 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2614 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-35737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2415 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-1919 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-35252 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-3028 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2977 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2964 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-39188 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-3078 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-2905 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-39842 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-3061 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2021-29921 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-0391 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2021-3737 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2021-4189 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2021-3733 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2021-28861 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release | |
| CVE-2022-40307 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | |