OpenHarmony 2022年11月安全公告 Security Vulnerabilities in November 2022 - Security-bulletin

1 Nov 2022

2022年11月安全漏洞

发布于2022.11.1
最后更新于2022.11.11
漏洞编号

相关漏洞

漏洞描述

漏洞影响

CVSS3.1基础得分

受影响的版本

受影响的仓库

修复链接

参考链接

OpenHarmony-SA-2022-1101

CVE-2022-43451

启动子系统appspawn和nwebspawn服务存在路径穿越漏洞。

攻击者可在本地发起攻击，造成任意路径穿越，可穿越沙箱。如果结合其他漏洞可进一步获取root权限。

8.4

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

startup_appspawn

3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>

本项目组上报

OpenHarmony-SA-2022-1102

CVE-2022-43449

download_server存在任意文件读取漏洞。

攻击者可在本地发起攻击，读取文件系统上任意可被download_server访问的文件。

6.2

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

request_request

3.1.x<https://gitee.com/openharmony/request_request/pulls/207>

本项目组上报

OpenHarmony-SA-2022-1103

CVE-2022-43495

distributedhardware_device_manage在设备组网过程中收到异常报文会导致设备重启。

攻击者可在局域网发起攻击，在设备组网过程中，发送恶意报文，可造成空指针解引用，设备重启。

6.5

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

distributedhardware_device_manager

3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/p…

本项目组上报

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE

严重程度

受影响的OpenHarmony版本

修复链接

CVE-2022-2295

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-2294

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-26373

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/461>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/495>

CVE-2022-23816

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>

CVE-2022-29901

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>

CVE-2022-29900

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>

CVE-2022-2481

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-2480

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-2478

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-2477

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-30790

严重

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-Release到OpenHarmony-v1.1.4-LTS

3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/50>
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/49>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/8…
1.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/48>

CVE-2022-1462

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/449>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/490>

CVE-2022-1184

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/474>
3.0.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/475>

CVE-2022-2663

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>

CVE-2022-39190

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>

CVE-2022-39189

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>

CVE-2022-40674

严重

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/20>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/19>

CVE-2022-3202

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>

CVE-2022-3199

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release

3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>

Security Vulnerabilities in November 2022

published November 1,2022
updated November 1,2022
Vulnerability ID

related Vulnerability

Vulnerability Description

Vulnerability Impact

CVSS3.1 Base Score

affected versions

affected projects

fix link

reference

OpenHarmony-SA-2022-1101

CVE-2022-43451

Multiple path traversal in appspawn and nwebspawn services.

Local attackers can create arbitrary directories or escape application sandbox.If chained
with other vulnerabilities it would allow an unprivileged process to gain full root
privileges.

8.4

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release

startup_appspawn

3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>

Reported by OpenHarmony Team

OpenHarmony-SA-2022-1102

CVE-2022-43449

Arbitrary file read via download_server.

Local attackers can install an malicious application on the device and reveal any file
from the filesystem that is accessible to download_server service which run with UID
1000.

6.2

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release

request_request

3.1.x<https://gitee.com/openharmony/request_request/pulls/207>

Reported by OpenHarmony Team

OpenHarmony-SA-2022-1103

CVE-2022-43495

An abnormal packet recieved when distributedhardware_device_manager joining a network
could cause a device reboot.

Network attakcers can send an abonormal packet when joining a network, cause a nullptr
reference and device reboot.

6.5

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release

distributedhardware_device_manager

3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/p…

Reported by OpenHarmony Team

The following table lists the third-party library vulnerabilities with only the CVE,
severity, and affected OpenHarmony versions provided. For more details, see the security
bulletins released by third-parties.
CVE

severity

affected OpenHarmony versions

fix link

CVE-2022-2295

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-2294

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-26373

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/461>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/495>

CVE-2022-23816

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>

CVE-2022-29901

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>

CVE-2022-29900

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/457>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/494>

CVE-2022-2481

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-2480

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-2478

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-2477

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release

3.1.x<https://gitee.com/openharmony/third_party_chromium/pulls/31>

CVE-2022-30790

Critical

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.4-LTS

3.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/50>
3.1.x<https://gitee.com/openharmony/device_soc_hisilicon/pulls/247>
3.0.x<https://gitee.com/openharmony/third_party_u-boot/pulls/49>
3.0.x<https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/8…
1.1.x<https://gitee.com/openharmony/third_party_u-boot/pulls/48>

CVE-2022-1462

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/449>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/490>

CVE-2022-1184

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/474>
3.0.x<http://gitee.com/openharmony/kernel_linux_5.10/pulls/475>

CVE-2022-2663

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>

CVE-2022-39190

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>

CVE-2022-39189

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/445>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/489>

CVE-2022-40674

Critical

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/third_party_expat/pulls/20>
3.0.x<https://gitee.com/openharmony/third_party_expat/pulls/19>

CVE-2022-3202

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/464>

CVE-2022-3199

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release

3.1.x<https://gitee.com/openharmony/web_webview/pulls/349>