2024年10月安全公告

8 Oct 2024


      发布于2024.10.08
CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接
CVE-2024-43696liteos_a内核内存泄露漏洞本地攻击者可通过本漏洞造成DOS3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x
CVE-2024-43697liteos_a内核入参检测不完善漏洞本地攻击者可通过本漏洞造成DOS3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x
CVE-2024-45382liteos_a内核越界写漏洞本地攻击者可通过本漏洞造成DOS3.3OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x
CVE-2024-39806liteos_a内核越界读漏洞本地攻击者可通过本漏洞造成信息泄露5.5OpenHarmony-v4.0-Release OpenHarmony-v4.1-Releasekernel_liteos_a4.0.x 4.1.x
CVE-2024-39831访问控制模块释放后使用漏洞本地攻击者取得高权限后可通过本漏洞造成任意代码执行4.4OpenHarmony-v4.1-Releasesecurity_access_token4.1.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 
CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接
CVE-2024-42236中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42232中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42229中危4.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42226中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42161高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42160高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42154高危7.3kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42115中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42114中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42084中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42082中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-42068中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-41098中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-41087高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-41072中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-41063中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-41041低危2.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-41035中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-41020中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-41012高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-40971低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-40961中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-40960中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-40959中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-40942低危2.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-40912中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-40905中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-39509低危2.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-39501中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-38615低危3.3kernel_linux_5.10OpenHarmony-v4.1-Release OpenHarmony-v4.0-Release4.0.x 4.1.x
CVE-2024-36031致命9.8kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-35947中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-35884中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-35235中危4.4third_party_cupsOpenHarmony-v4.1-Release4.1.x
CVE-2024-26984中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-26966中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2023-52672高危7.0kernel_linux_5.10OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-5496中危6.3web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-5843中危6.5web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-3168高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-5840中危6.5web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-5839中危6.5web_webviewOpenHarmony-v4.1-Release4.1.x
CVE-2024-7000中危6.3web_webviewOpenHarmony-v4.1-Release4.1.x
CVE-2024-3170高危8.8web_webviewOpenHarmony-v4.0-Release4.0.x
CVE-2024-5846高危8.8web_webviewOpenHarmony-v4.1-Release4.1.x
CVE-2024-5844高危8.8web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-6291中危4.3web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-5499中危4.3web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x
CVE-2024-6992中危6.3web_webviewOpenHarmony-v4.0-Release OpenHarmony-v4.1-Release4.0.x 4.1.x

如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。
安全补丁标签链接
2024年10月[4.1.x]
[4.0.x]

王晨

tags

participants (1)