Published on 2025.07.01


Note: Among the OpenHarmony 5.0 branches, security vulnerabilities are currently maintained mainly for the OpenHarmony-5.0.3-Release branch.

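The OpenHarmony-4.1-Release branch is no longer maintained, and security vulnerabilities on this branch will no longer be maintained either. For details, see the community announcement: OpenHarmony-4.1-Release branch end-of-maintenance announcement.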

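| CVE | Vulnerability description | Impact | Severity | CVSS 3.1 score | Affected version | Affected repository | Fix link |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-24925 | applications_settings memory leak vulnerability | A local attacker can cause DoS | Low | 3.3 | OpenHarmony-v5.0.3-Release | applications_settings | 5.0.3.x |
| CVE-2025-27536 | arkcompiler_ets_runtime type confusion vulnerability | A local attacker can cause DoS | Low | 3.3 | OpenHarmony-v5.0.3-Release | arkcompiler_ets_runtime | 5.0.3.x |
| CVE-2025-24298 | kernel_liteos_a UAF vulnerability | A local attacker can cause DoS | High | 8.4 | OpenHarmony-v5.0.3-Release | kernel_liteos_a | 5.0.3.x |
| CVE-2025-27128 | kernel_liteos_a UAF vulnerability | A local attacker can cause arbitrary code execution | High | 8.4 | OpenHarmony-v5.0.3-Release | kernel_liteos_a | 5.0.3.x |
| CVE-2025-26690 | communication_dsoftbus NULL pointer dereference vulnerability | A local attacker can cause arbitrary code execution | Low | 3.3 | OpenHarmony-v5.0.3-Release | communication_dsoftbus | 5.0.3.x |
| CVE-2025-25212 | distributeddatamgr_pasteboard improper input validation vulnerability | A local attacker can cause DoS | Low | 3.3 | OpenHarmony-v5.0.3-Release | distributeddatamgr_pasteboard | 5.0.3.x |
| CVE-2025-27562 | communication_dsoftbus memory leak vulnerability | A local attacker can cause DoS | Low | 3.3 | OpenHarmony-v5.0.3-Release | communication_dsoftbus | 5.0.3.x |
| CVE-2025-24844 | communication_dsoftbus memory leak vulnerability | A local attacker can cause DoS | Low | 3.3 | OpenHarmony-v5.0.3-Release | communication_dsoftbus | 5.0.3.x |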

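The following are third-party library vulnerabilities. Only the CVE, severity, and affected OpenHarmony versions are provided; for details, refer to the third-party advisories.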

| CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony version | Fix link |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-21999 | High | 8.0 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2025-21926 | Not yet provided | | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2025-21785 | High | 8.0 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2025-21776 | Not yet provided | | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2025-21764 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2025-21762 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-58058 | Medium | 5.7 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-58020 | Not yet provided | | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-58009 | Not yet provided | | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-57981 | Medium | 5.7 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-56720 | Not yet provided | | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-56571 | Not yet provided | | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-35823 | Medium | 5.3 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-27032 | Medium | 6.3 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-26982 | High | 7.1 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-26960 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-26886 | Medium | 6.5 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-26779 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-26759 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-26747 | Medium | 4.4 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-26671 | Medium | 4.7 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2024-26665 | High | 7.1 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2023-53118 | Not yet provided | | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2023-52653 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2023-52619 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2022-49897 | Not yet provided | | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2022-49630 | Not yet provided | | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2022-49443 | Low | 2.6 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2022-49135 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2021-47558 | Medium | 4.8 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2021-47432 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |
| CVE-2021-47182 | Medium | 5.7 | kernel_linux_5.10 | OpenHarmony-v5.0.3-Release | 5.0.3.x |

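The following are the security patch tags for each maintained version. Update the security patch tag after merging all corresponding security patches for the current month and earlier.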

| Maintained version | Reference link for how to modify the security patch |
| --- | --- |
| 5.0.3.x | https://gitee.com/openharmony/startup_init/pulls/3905 |