OpenHarmony Security Bulletin, May 2023 / Security Vulnerabilities in May 2023
Security Vulnerabilities in May 2023

Published May 9, 2023. Last updated May 9, 2023.

The following table lists third-party library vulnerabilities. Only the CVE, severity, and affected OpenHarmony versions are provided; for details, see the security bulletins released by the third parties.

| CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony versions | Fix link |
|---|---|---|---|---|---|
| CVE-2021-36647 | Medium | 4.7 | third_party_mbedtls; device_hisilicon_hispark_taurus | OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.0.x: https://gitee.com/openharmony/third_party_mbedtls/pulls/86; 3.0.x: https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/129 |
| CVE-2023-1382 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/804; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/805 |
| CVE-2023-0386 | Medium | 5.3 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/119; 3.0.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/120 |
| CVE-2023-1281 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/802; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/803 |
| CVE-2023-28772 | High | 7.8 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/119; 3.0.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/120 |
| CVE-2023-1637 | Low | 3.3 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/119; 3.0.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/120 |
| CVE-2021-3923 | Low | 3.3 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/119; 3.0.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/120 |
| CVE-2023-1380 | High | 7.1 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/802; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/803 |
| CVE-2023-1582 | Medium | 4.7 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/765; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/766 |
| CVE-2022-48434 | High | 8.1 | third_party_ffmpeg | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x: https://gitee.com/openharmony/third_party_ffmpeg/pulls/81; 3.1.x: https://gitee.com/openharmony/third_party_ffmpeg/pulls/82; 3.0.x: https://gitee.com/openharmony/third_party_ffmpeg/pulls/83 |
| CVE-2023-1838 | Medium | 5.3 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/773; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/774 |
| CVE-2023-1838 | Medium | 5.3 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/124; 3.0.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/125 |
| CVE-2023-1855 | Medium | 6.3 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/802; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/803 |
| CVE-2023-30456 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/802; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/803 |
| CVE-2022-45934 | High | 7.8 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/129; 3.0.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/130 |
| CVE-2022-2978 | High | 7.8 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/121; 3.0.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/122 |
| CVE-2022-29581 | High | 7.8 | kernel_linux_4.19 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/124; 3.0.x: https://gitee.com/openharmony/kernel_linux_4.19/pulls/125 |
| CVE-2023-1989 | High | 7.0 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/802; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/803 |
| CVE-2023-1829 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/802; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/803 |
| CVE-2023-1990 | Medium | 4.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/802; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/803 |
| CVE-2023-1859 | Medium | 6.4 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/802; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/803 |
| CVE-2023-2004 | Medium | 5.3 | third_party_freetype | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x: https://gitee.com/openharmony/third_party_freetype/pulls/51; 3.1.x: https://gitee.com/openharmony/third_party_freetype/pulls/52; 3.0.x: https://gitee.com/openharmony/third_party_freetype/pulls/53 |
| CVE-2023-2006 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/811; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/812 |
| CVE-2023-2008 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/787; 3.0.x: https://gitee.com/openharmony/kernel_linux_5.10/pulls/788 |
participants (1)
-
Liuxu (louis)