2022年5月安全漏洞 发布于2022.5.6 漏洞编号 相关漏洞 漏洞描述 漏洞影响 受影响的版本 受影响的仓库 修复链接 参考链接 OpenHarmony-SA-2022-0501 NA 软总线子系统存在堆溢出漏洞。 攻击者可在本地发起攻击，造成内存访问越界，可获取系统控制权。 OpenHarmony-3.0-LTS communication_dsoftbus 链接<https://gitee.com/openharmony/communication_dsoftbus/pulls/1198> 本项目组上报 OpenHarmony-SA-2022-0502 NA 软总线子系统在接收TCP消息时存在堆溢出漏洞。 攻击者可在局域网内发起攻击，进行远程代码执行，获得系统控制权。 OpenHarmony-3.0-LTS communication_dsoftbus 链接<https://gitee.com/openharmony/communication_dsoftbus/pulls/1113> 本项目组上报 OpenHarmony-SA-2022-0503 NA 软总线处理设备同步消息时存在越界访问漏洞。 攻击者可在局域网内发起攻击，可造成内存访问越界，造成DoS攻击。 OpenHarmony-3.0-LTS communication_dsoftbus 链接<https://gitee.com/openharmony/communication_dsoftbus/pulls/1369> 本项目组上报 OpenHarmony-SA-2022-0504 NA Lock类包含的一个指针成员存在重复释放问题。 攻击者可在本地发起攻击，可获取系统控制权。 OpenHarmony-3.0-LTS global_resmgr_standard 链接<https://gitee.com/openharmony/global_resmgr_standard/pulls/136> 本项目组上报 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE 严重程度 受影响的OpenHarmony版本 修复链接 CVE-2022-0778 中 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/third_party_openssl/pulls/34> CVE-2018-25032 高 OpenHarmony-1.0-LTS OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/third_party_zlib/pulls/31> 链接<https://gitee.com/openharmony/third_party_zlib/pulls/30> CVE-2021-28714 中 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/06639c05f98d596690a93b4179235f709fbdfffe> CVE-2021-28715 中 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/2938e8ac18d248567afe744760db99c77aff2253> CVE-2022-23222 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/4e695c44106d3f0f9908ffb1c9593205bb7f80ed> CVE-2022-0185 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/76a954013f985828558dc67851b1a455ae7d3421> CVE-2021-22600 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/214329f8032e15f72d39ab3ecf95b5fab274fe1a> CVE-2022-22942 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/9a967f71164cf3b3fc7874b5f1cc193b3819b402> CVE-2022-0492 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/ea8f5c0c115c8c61a76b3dfa51cddb9c5c40fec4> CVE-2022-24448 低 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/9e4a6ed92bb4e0b964c5e3fff63d20cf46eda38f> 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/af9e3d1a2dc61aa346e33a287fb83c8c0d487881> 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/51fef9de52b5b1431cac919c052f1e82f4cdfbae> CVE-2022-0516 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/8ba71b83e7acfbbf351d3d5b10ced7a4f66c05c9> CVE-2022-0617 中 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/999c29733c45ac8864c64aa8b4b98df436327096> 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/7d65b9dbe4277bac42eb649935cd02fdcd47cfe0> CVE-2022-0847 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/b4e786c8ebae053b21583494b44f97e30b58ec3d> CVE-2022-26490 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/pulls/141> CVE-2022-25636 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/62e6212596777900936105d7dbc18ed2303026c0> CVE-2022-26966 中 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/4b80b2d8eba4d9df430b5b19096299b017541e1d> CVE-2022-1011 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/013bad7096d7bee6a3beb0936060e07644fc251d> CVE-2022-27223 高 OpenHarmony-3.0-LTS 链接<https://gitee.com/openharmony/kernel_linux_5.10/commit/5939446d63ddecefdbe31834c2ee00c5bc0514e2> Security Vulnerabilities in May 2022 published May 6,2022 Vulnerability ID related Vulnerability Vulnerability Descripton Vulnerability Impact affected versions affected projects fix link reference OpenHarmony-SA-2022-0501 NA The softbus subsystem in OpenHarmony has a heap overflow vulnerability. Local attackers can overwrite the memory and get system control. OpenHarmony-3.0-LTS communication_dsoftbus Link<https://gitee.com/openharmony/communication_dsoftbus/pulls/1198> Reported by OpenHarmony Team OpenHarmony-SA-2022-0502 NA The softbus subsystem in OpenHarmony has a heap overflow vulnerability when receive a tcp message. LAN attackers can lead to remote code execution(RCE) and get system control. OpenHarmony-3.0-LTS communication_dsoftbus Link<https://gitee.com/openharmony/communication_dsoftbus/pulls/1113> Reported by OpenHarmony Team OpenHarmony-SA-2022-0503 NA The softbus subsystem in OpenHarmony has an out-of-bounds access vulnerability when handle a synchronized message from another device. Local attackers can elevate permissions to SYSTEM. OpenHarmony-3.0-LTS communication_dsoftbus Link<https://gitee.com/openharmony/communication_dsoftbus/pulls/1369> Reported by OpenHarmony Team OpenHarmony-SA-2022-0504 NA The calss Lock in OpenHarmony has a double free vulnerability. Local attackers can elevate permissions to SYSTEM. OpenHarmony-3.0-LTS global_resmgr_standard Link<https://gitee.com/openharmony/global_resmgr_standard/pulls/136> Reported by OpenHarmony Team The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity affected OpenHarmony versions fix link CVE-2022-0778 Medium OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/third_party_openssl/pulls/34> CVE-2018-25032 High OpenHarmony-1.0-LTS OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/third_party_zlib/pulls/31> Link<https://gitee.com/openharmony/third_party_zlib/pulls/30> CVE-2021-28714 Medium OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/06639c05f98d596690a93b4179235f709fbdfffe> CVE-2021-28715 Medium OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/2938e8ac18d248567afe744760db99c77aff2253> CVE-2022-23222 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/4e695c44106d3f0f9908ffb1c9593205bb7f80ed> CVE-2022-0185 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/76a954013f985828558dc67851b1a455ae7d3421> CVE-2021-22600 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/214329f8032e15f72d39ab3ecf95b5fab274fe1a> CVE-2022-22942 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/9a967f71164cf3b3fc7874b5f1cc193b3819b402> CVE-2022-0492 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/ea8f5c0c115c8c61a76b3dfa51cddb9c5c40fec4> CVE-2022-24448 Low OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/9e4a6ed92bb4e0b964c5e3fff63d20cf46eda38f> Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/af9e3d1a2dc61aa346e33a287fb83c8c0d487881> Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/51fef9de52b5b1431cac919c052f1e82f4cdfbae> CVE-2022-0516 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/8ba71b83e7acfbbf351d3d5b10ced7a4f66c05c9> CVE-2022-0617 Medium OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/999c29733c45ac8864c64aa8b4b98df436327096> Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/7d65b9dbe4277bac42eb649935cd02fdcd47cfe0> CVE-2022-0847 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/b4e786c8ebae053b21583494b44f97e30b58ec3d> CVE-2022-26490 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/pulls/141> CVE-2022-25636 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/62e6212596777900936105d7dbc18ed2303026c0> CVE-2022-26966 Medium OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/4b80b2d8eba4d9df430b5b19096299b017541e1d> CVE-2022-1011 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/013bad7096d7bee6a3beb0936060e07644fc251d> CVE-2022-27223 High OpenHarmony-3.0-LTS Link<https://gitee.com/openharmony/kernel_linux_5.10/commit/5939446d63ddecefdbe31834c2ee00c5bc0514e2>