2023年11月安全公告

7 Nov 2023


      本次安全公告发布于2023.11.07
CVE漏洞描述漏洞影响CVSS3.1得分受影响的版本受影响的仓库修复链接
CVE-2023-4753内核中系统调用接收用户态参数函数使用错误可导致内核crash5.5 OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2kernel_liteos_ahttps://gitee.com/openharmony/kernel_liteos_a/pulls/1177


以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本
CVECVSS 3.1 得分严重程度受影响的仓库受影响的OpenHarmony版本修复链接
CVE-2023-427537.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1072
CVE-2023-21638.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1066
CVE-2023-48638.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/1009
CVE-2023-49217.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1061
CVE-2023-48077.8高危third_party_opensslOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/third_party_openssl/pulls/134
CVE-2023-47638.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/988
CVE-2023-47628.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/988
CVE-2023-46227高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1056
CVE-2023-46237.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1056
CVE-2023-42067.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1056
CVE-2023-42077.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1056
CVE-2023-42087.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1056
CVE-2023-45728.8高危third_party_chromiumOpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/web_webview/pulls/988
CVE-2023-37777.8高危kernel_linux_5.10OpenHarmony-v3.2-Release到OpenHarmony-v3.2.2-Releasehttps://gitee.com/openharmony/kernel_linux_5.10/pulls/1061

请在合入当月及之前全部已公开安全补丁之后，参考如下各维护版本的安全补丁标签更新方法，更新安全补丁标签至11月。
对应维护版本安全补丁修改方式参考链接
3.2.xhttps://gitee.com/openharmony/startup_init/pulls/2330

王晨

tags

participants (1)