Security Vulnerabilities in May 2022

Published on 2022.5.6

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | Affected versions | Affected repositories | Fix link | Reference link |
| --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0501 | NA | The softbus subsystem has a heap overflow vulnerability. | An attacker can launch an attack locally, causing out-of-bounds memory access, and can gain control of the system. | OpenHarmony-3.0-LTS | communication_dsoftbus | https://gitee.com/openharmony/communication_dsoftbus/pulls/1198 | Reported by this project team |
| OpenHarmony-SA-2022-0502 | NA | The softbus subsystem has a heap overflow vulnerability when receiving TCP messages. | An attacker can launch an attack from within the LAN, execute code remotely, and gain control of the system. | OpenHarmony-3.0-LTS | communication_dsoftbus | https://gitee.com/openharmony/communication_dsoftbus/pulls/1113 | Reported by this project team |
| OpenHarmony-SA-2022-0503 | NA | The softbus has an out-of-bounds access vulnerability when handling device synchronization messages. | An attacker can launch an attack from within the LAN, causing out-of-bounds memory access and a DoS. | OpenHarmony-3.0-LTS | communication_dsoftbus | https://gitee.com/openharmony/communication_dsoftbus/pulls/1369 | Reported by this project team |
| OpenHarmony-SA-2022-0504 | NA | A pointer member of the Lock class has a double-free issue. | An attacker can launch an attack locally and gain control of the system. | OpenHarmony-3.0-LTS | global_resmgr_standard | https://gitee.com/openharmony/global_resmgr_standard/pulls/136 | Reported by this project team |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided. For details, refer to the third-party advisories.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-0778 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/third_party_openssl/pulls/34 |
| CVE-2018-25032 | High | OpenHarmony-1.0-LTS, OpenHarmony-3.0-LTS | https://gitee.com/openharmony/third_party_zlib/pulls/31 https://gitee.com/openharmony/third_party_zlib/pulls/30 |
| CVE-2021-28714 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/06639c05f98d596690a93... |
| CVE-2021-28715 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/2938e8ac18d248567afe7... |
| CVE-2022-23222 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/4e695c44106d3f0f9908f... |
| CVE-2022-0185 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/76a954013f985828558dc... |
| CVE-2021-22600 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/214329f8032e15f72d39a... |
| CVE-2022-22942 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/9a967f71164cf3b3fc787... |
| CVE-2022-0492 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/ea8f5c0c115c8c61a76b3... |
| CVE-2022-24448 | Low | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/9e4a6ed92bb4e0b964c5e... https://gitee.com/openharmony/kernel_linux_5.10/commit/af9e3d1a2dc61aa346e33... https://gitee.com/openharmony/kernel_linux_5.10/commit/51fef9de52b5b1431cac9... |
| CVE-2022-0516 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/8ba71b83e7acfbbf351d3... |
| CVE-2022-0617 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/999c29733c45ac8864c64... https://gitee.com/openharmony/kernel_linux_5.10/commit/7d65b9dbe4277bac42eb6... |
| CVE-2022-0847 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/b4e786c8ebae053b21583... |
| CVE-2022-26490 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/141 |
| CVE-2022-25636 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/62e621259677790093610... |
| CVE-2022-26966 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/4b80b2d8eba4d9df430b5... |
| CVE-2022-1011 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/013bad7096d7bee6a3beb... |
| CVE-2022-27223 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/5939446d63ddecefdbe31... |

Security Vulnerabilities in May 2022

Published May 6, 2022

| Vulnerability ID | Related vulnerability | Vulnerability description | Vulnerability impact | Affected versions | Affected projects | Fix link | Reference |
| --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2022-0501 | NA | The softbus subsystem in OpenHarmony has a heap overflow vulnerability. | Local attackers can overwrite the memory and get system control. | OpenHarmony-3.0-LTS | communication_dsoftbus | https://gitee.com/openharmony/communication_dsoftbus/pulls/1198 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0502 | NA | The softbus subsystem in OpenHarmony has a heap overflow vulnerability when receiving a TCP message. | LAN attackers can achieve remote code execution (RCE) and get system control. | OpenHarmony-3.0-LTS | communication_dsoftbus | https://gitee.com/openharmony/communication_dsoftbus/pulls/1113 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0503 | NA | The softbus subsystem in OpenHarmony has an out-of-bounds access vulnerability when handling a synchronized message from another device. | Local attackers can elevate permissions to SYSTEM. | OpenHarmony-3.0-LTS | communication_dsoftbus | https://gitee.com/openharmony/communication_dsoftbus/pulls/1369 | Reported by OpenHarmony Team |
| OpenHarmony-SA-2022-0504 | NA | The class Lock in OpenHarmony has a double free vulnerability. | Local attackers can elevate permissions to SYSTEM. | OpenHarmony-3.0-LTS | global_resmgr_standard | https://gitee.com/openharmony/global_resmgr_standard/pulls/136 | Reported by OpenHarmony Team |

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.

| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-0778 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/third_party_openssl/pulls/34 |
| CVE-2018-25032 | High | OpenHarmony-1.0-LTS, OpenHarmony-3.0-LTS | https://gitee.com/openharmony/third_party_zlib/pulls/31 https://gitee.com/openharmony/third_party_zlib/pulls/30 |
| CVE-2021-28714 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/06639c05f98d596690a93... |
| CVE-2021-28715 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/2938e8ac18d248567afe7... |
| CVE-2022-23222 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/4e695c44106d3f0f9908f... |
| CVE-2022-0185 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/76a954013f985828558dc... |
| CVE-2021-22600 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/214329f8032e15f72d39a... |
| CVE-2022-22942 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/9a967f71164cf3b3fc787... |
| CVE-2022-0492 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/ea8f5c0c115c8c61a76b3... |
| CVE-2022-24448 | Low | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/9e4a6ed92bb4e0b964c5e... https://gitee.com/openharmony/kernel_linux_5.10/commit/af9e3d1a2dc61aa346e33... https://gitee.com/openharmony/kernel_linux_5.10/commit/51fef9de52b5b1431cac9... |
| CVE-2022-0516 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/8ba71b83e7acfbbf351d3... |
| CVE-2022-0617 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/999c29733c45ac8864c64... https://gitee.com/openharmony/kernel_linux_5.10/commit/7d65b9dbe4277bac42eb6... |
| CVE-2022-0847 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/b4e786c8ebae053b21583... |
| CVE-2022-26490 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/pulls/141 |
| CVE-2022-25636 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/62e621259677790093610... |
| CVE-2022-26966 | Medium | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/4b80b2d8eba4d9df430b5... |
| CVE-2022-1011 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/013bad7096d7bee6a3beb... |
| CVE-2022-27223 | High | OpenHarmony-3.0-LTS | https://gitee.com/openharmony/kernel_linux_5.10/commit/5939446d63ddecefdbe31... |

participants (1)
- Liuxu (louis)