Security Vulnerabilities in February 2023

Published on 2022.02.07
Last updated on 2022.02.07

| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS 3.1 Base Score | Affected Versions | Affected Repositories | Fix Link | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2023-0201 | CVE-2023-0083 | The ArkUI framework subsystem does not check the type of input parameters, leading to type confusion and access to invalid memory. | An attacker can launch a local attack, causing the current application to crash. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | arkui_ace_engine | 3.1.x; 3.0.x | Reported by researchers |
| OpenHarmony-SA-2023-0202 | CVE-2023-22301 | hmdfs in the kernel subsystem has an arbitrary out-of-bounds kernel memory read vulnerability. | An attacker can launch a remote attack to obtain kernel memory data from the target system. | 6.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x | Reported by researchers |
| OpenHarmony-SA-2023-0203 | CVE-2023-22436 | The check_permission_for_set_tokenid function in the kernel subsystem has a use-after-free (UAF) vulnerability. | A local attacker can exploit this vulnerability to escalate privileges and obtain root. | 7.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x | Reported by researchers |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, see the third-party advisories.

| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
|---|---|---|---|
| CVE-2022-2347 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-4135 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4186 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4438 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4437 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4436 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-41218 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3424 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-4129 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-42328 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3643 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3105 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3104 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3115 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3113 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3112 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3111 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3108 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3107 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3106 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-47519 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-43551 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x; 3.0.x; 1.1.x |
| CVE-2022-43552 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x; 3.0.x; 1.1.x |
| CVE-2022-47518 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-47520 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-47521 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3109 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x; 3.0.x; 1.1.x |
| CVE-2022-4662 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3890 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-20568 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |


Security Vulnerabilities in February 2023

Published February 7, 2023
Updated February 7, 2023

| Vulnerability ID | Related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS 3.1 Base Score | Affected Versions | Affected Projects | Fix Link | Reference |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2023-0201 | CVE-2023-0083 | The ArkUI framework subsystem does not check the type of input parameters, causing type confusion and invalid memory access. | Local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | arkui_ace_engine | 3.1.x; 3.0.x | Reported by researchers |
| OpenHarmony-SA-2023-0202 | CVE-2023-22301 | hmdfs in the kernel subsystem has an arbitrary out-of-bounds memory read vulnerability. | Network attackers can launch a remote attack to obtain kernel memory data from the target system. | 6.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x | Reported by researchers |
| OpenHarmony-SA-2023-0203 | CVE-2023-22436 | The check_permission_for_set_tokenid function in the kernel subsystem has a use-after-free (UAF) vulnerability. | Local attackers can exploit this vulnerability to escalate privileges to root. | 7.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x | Reported by researchers |

The following table lists the third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For more details, see the security bulletins released by the third parties.

| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
|---|---|---|---|
| CVE-2022-2347 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-4135 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4186 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4438 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4437 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4436 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-41218 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3424 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-4129 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-42328 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3643 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3105 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3104 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3115 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3113 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3112 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3111 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3108 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3107 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3106 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-47519 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-43551 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x; 3.0.x; 1.1.x |
| CVE-2022-43552 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x; 3.0.x; 1.1.x |
| CVE-2022-47518 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-47520 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-47521 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3109 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS; OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x; 3.0.x; 1.1.x |
| CVE-2022-4662 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |
| CVE-2022-3890 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-20568 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release; OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x; 3.0.x |