OpenHarmony 2022年12月安全公告 Security Vulnerabilities in December 2022

6 Dec 2022

      2022年12月安全漏洞

发布于2022.12.06
最后更新于2022.12.06
漏洞编号

相关漏洞

漏洞描述

漏洞影响

CVSS3.1基础得分

受影响的版本

受影响的仓库

修复链接

参考链接

OpenHarmony-SA-2022-1201

CVE-2022-45877

跨设备认证中pin码会明文传输到对端设备进行校验，会降低中间人攻击的难度。

攻击者可在局域网发起攻击，绕过权限管控机制，降低中间人攻击的难度。

8.3

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release

distributedhardware_device_manager
applications_hap
security_device_auth

3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915>
3.1.x<https://gitee.com/openharmony/applications_hap/pulls/1364>
3.1.x<https://gitee.com/openharmony/security_device_auth/pulls/351>

本项目组上报

OpenHarmony-SA-2022-1202

CVE-2022-41802

内核子系统kernel_liteos_a中系统调用SysClockGetres存在泄漏内核栈的漏洞。

攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。

4.0

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS

kernel_liteos_a

3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>

研究者上报

OpenHarmony-SA-2022-1203

CVE-2022-45126

内核子系统kernel_liteos_a中系统调用SysClockGettime存在泄漏内核栈的漏洞。

攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。

4.0

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS

kernel_liteos_a

3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>

研究者上报

OpenHarmony-SA-2022-1204

CVE-2022-43662

内核子系统kernel_liteos_a中系统调用SysTimerGettime存在泄漏内核栈的漏洞。

攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。

4.0

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS

kernel_liteos_a

3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>

研究者上报

OpenHarmony-SA-2022-1205

CVE-2022-44455

appspawn and nwebspawn服务 对输入缺少校验，存在内存溢出漏洞。

攻击者可在本地发起攻击，恶意应用可以提升权限或造成应用崩溃。

6.8

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

startup_appspawn

3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>
3.0.x<https://gitee.com/openharmony/startup_appspawn/pulls/426>

本项目组上报

OpenHarmony-SA-2022-1206

CVE-2022-45118

通信子系统telephony发送公共事件时带有个人数据，但缺少权限设置。

攻击者可在本地发起攻击，恶意应用可以无权限监听广播获取手机号、短信数据等信息。

6.2

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release

telephony_state_registry
telephony_sms_mms

3.1.x<https://gitee.com/openharmony/telephony_state_registry/pulls/224>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/615>

本项目组上报

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE

严重程度

受影响的OpenHarmony版本

修复链接

CVE-2022-20422

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-3303

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-42703

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-41222

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-3239

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-20423

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-41850

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-3586

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3625

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-42432

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3633

低

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3635

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3629

低

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3623

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3646

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3621

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3567

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-43750

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3545

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3523

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-2602

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3628

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-40768

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3566

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3577

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3606

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3649

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3564

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-20409

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-41849

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-20421

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3435

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-42719

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-42720

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-42721

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-42722

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-41674

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3535

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3521

低

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3524

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3534

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3542

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>

CVE-2022-3565

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3594

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

Security Vulnerabilities in December 2022

published December 6,2022
updated December 6,2022
Vulnerability ID

related Vulnerability

Vulnerability Description

Vulnerability Impact

CVSS3.1 Base Score

affected versions

affected projects

fix link

reference

OpenHarmony-SA-2022-1201

CVE-2022-45877

PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.

Network attackers can bypass the authentication, which reduces the difficulty of man-in-the-middle attacks.

8.3

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release

distributedhardware_device_manager
applications_hap
security_device_auth

3.1.x<https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915>
3.1.x<https://gitee.com/openharmony/applications_hap/pulls/1364>
3.1.x<https://gitee.com/openharmony/security_device_auth/pulls/351>

Reported by OpenHarmony Team

OpenHarmony-SA-2022-1202

CVE-2022-41802

Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres.

4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

4.0

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS

kernel_liteos_a

3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>

Reported by Researchers

OpenHarmony-SA-2022-1203

CVE-2022-45126

Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime.

4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

4.0

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS

kernel_liteos_a

3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>

Reported by Researchers

OpenHarmony-SA-2022-1204

CVE-2022-43662

Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime.

4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

4.0

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS

kernel_liteos_a

3.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1065>
3.0.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1066>
1.1.x<https://gitee.com/openharmony/kernel_liteos_a/pulls/1075>

Reported by Researchers

OpenHarmony-SA-2022-1205

CVE-2022-44455

The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation.

An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.

6.8

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

startup_appspawn

3.1.x<https://gitee.com/openharmony/startup_appspawn/pulls/361>
3.0.x<https://gitee.com/openharmony/startup_appspawn/pulls/426>

Reported by OpenHarmony Team

OpenHarmony-SA-2022-1206

CVE-2022-45118

Telephony in communication subsystem sends public events with personal data, but the permission is not set.

Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.

6.2

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release

telephony_state_registry
telephony_sms_mms

3.1.x<https://gitee.com/openharmony/telephony_state_registry/pulls/224>
3.1.x<https://gitee.com/openharmony/telephony_sms_mms/pulls/615>

Reported by OpenHarmony Team

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
CVE

severity

affected OpenHarmony versions

fix link

CVE-2022-20422

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-3303

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-42703

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-41222

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-3239

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-20423

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-41850

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/509>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/508>

CVE-2022-3586

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3625

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-42432

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3633

Low

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3635

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3629

Low

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3623

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3646

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3621

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3567

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-43750

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3545

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3523

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-2602

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-3628

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/541>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/537>

CVE-2022-40768

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3566

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3577

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3606

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3649

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-3564

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-20409

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/505>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/506>

CVE-2022-41849

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-20421

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3435

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-42719

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-42720

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-42721

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-42722

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-41674

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3535

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3521

Low

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3524

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3534

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3542

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>

CVE-2022-3565

Medium

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

CVE-2022-3594

High

OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS

3.1.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/502>
3.0.x<https://gitee.com/openharmony/kernel_linux_5.10/pulls/503>

Liuxu (louis)

tags

participants (1)