2025年08月安全公告

5 Aug 2025


      发布于2025.08.05

备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。
CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接
CVE-2025-27577kernel_liteos_a 条件竞争漏洞本地攻击者可造成任意代码执行高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x
CVE-2025-25278kernel_liteos_a 条件竞争漏洞本地攻击者可造成任意代码执行高危8.4OpenHarmony-v5.0.3-Releasekernel_liteos_a5.0.3.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接
CVE-2025-39728中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37794中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37792无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37785低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37780无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37766无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37756无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37749无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37739无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37738高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-23150无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-22121高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-22075无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-22045无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-22035无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-22021无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-22005中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21956无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21760高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21701低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-58237高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-58083无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-57798高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-56769中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-56763中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-56369中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-27056中危4.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2023-53091无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49910高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49901中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49889中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-20566高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2021-47636高危7.1kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2021-47634高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x

以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。
对应维护版本安全补丁修改方式参考链接
5.0.3.xhttps://gitee.com/openharmony/startup_init/pulls/3977

王晨

tags

participants (1)