2025年01月安全公告

7 Jan 2025


      发布于2025.01.07 

备注：OpenHarmony 5.0阶段各分支中当前仅对OpenHarmony-5.0.2-Release分支进行安全漏洞维护。
CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接
CVE-2024-45070liteos_a内核越界读漏洞本地攻击者可通过本漏洞造成信息泄露5.5OpenHarmony-v4.1-Releasekernel_liteos_a4.1.x
CVE-2024-47398liteos_a内核越界写漏洞本地攻击者可通过本漏洞造成设备无法启动8.8OpenHarmony-v4.1-Releasekernel_liteos_a4.1.x
CVE-2024-54030软总线释放后使用漏洞本地攻击者可通过本漏洞造成DOS4.4OpenHarmony-v4.1-Releasecommunication_dsoftbus4.1.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接
CVE-2024-50154高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50138高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50131高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50082中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50067高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50063低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50058低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50046低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50044中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50038低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50036低危0.0kernel_linux_5.10OpenHarmony-v4.0-Release4.1.x
CVE-2024-50035低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50033低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50028低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50024低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50018高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50015中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50014中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50010低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-50006低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49978中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49967中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49960高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49959低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49950中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49948低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49940中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49889低危0.0kernel_linux_5.10OpenHarmony-v4.0-Release4.1.x
CVE-2024-49884低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49883低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49882中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49881低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49859低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-49851中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47742中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47740中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47738中危5.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47728低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47726低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47713中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47707中危4.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47705中危5.7kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47701高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47698高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47697高危8.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47691高危7.1kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47690中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47685中危4.3kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47684低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47679中危4.6kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-47678低危3.5kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2024-44986高危7.8kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2022-48975低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x
CVE-2022-48961低危0.0kernel_linux_5.10OpenHarmony-v4.1-Release4.1.x

以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。
安全补丁标签链接
2025年01月
[4.1.x]

王晨

tags

participants (1)