OpenHarmony 2022年10月安全公告 Security Vulnerabilities in October 2022

11 Oct 2022


      2022年10月安全漏洞

发布于2022.10.11
最后更新于2022.10.11
漏洞编号

相关漏洞

漏洞描述

漏洞影响

CVSS3.1基础得分

受影响的版本

受影响的仓库

修复链接

参考链接

OpenHarmony-SA-2022-1001

CVE-2022-42488

启动子系统param服务缺少权限校验。

攻击者可在本地发起攻击，获取root权限，关闭安全特性或对任意服务造成DoS攻击。

8.4

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

startup_init_lite

3.1.xhttps://gitee.com/openharmony/startup_init_lite/pulls/1104
3.1.xhttps://gitee.com/openharmony/startup_init_lite/pulls/1074

本项目组上报

OpenHarmony-SA-2022-1002

CVE-2022-42464

dev/mmz_userdev驱动存在内核内存非法映射漏洞。

攻击者可在本地发起攻击，非法映射内存并进行读写，可提升到root权限或造成设备重启。利用此漏洞需要system UID。

6.7

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

device_board_hisilicon
device_hisilicon_hi3516dv300

3.1.xhttps://gitee.com/openharmony/device_board_hisilicon/pulls/135
3.0.xhttps://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87

本项目组上报

OpenHarmony-SA-2022-1003

CVE-2022-41686

dev/mmz_userdev驱动存在越界读写漏洞。

攻击者可在本地发起攻击，越界读写内存地址，造成内存泄露或崩溃。利用此漏洞需要system UID。

5.1

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

device_board_hisilicon
device_hisilicon_hispark_taurus

3.1.xhttps://gitee.com/openharmony/device_soc_hisilicon/pulls/287
3.0.xhttps://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127

本项目组上报

OpenHarmony-SA-2022-1004

CVE-2022-42463

通信子系统softbus_server服务的一个回调处理函数存在无需认证和加密的漏洞。

攻击者可以在分布式网络发起攻击，发送蓝牙rfcomm报文到任意远程设备，执行任意命令。

8.3

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

communication_dsoftbus

3.1.xhttps://gitee.com/openharmony/communication_dsoftbus/pulls/2348

本项目组上报

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE

严重程度

受影响的OpenHarmony版本

修复链接

CVE-2022-27405

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.1-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS
OpenHarmony-v1.1.0-release到OpenHarmony-v1.1.5-LTS

3.1.xhttps://gitee.com/openharmony/third_party_freetype/pulls/32
3.0.xhttps://gitee.com/openharmony/third_party_freetype/pulls/31
1.1.xhttps://gitee.com/openharmony/third_party_freetype/pulls/30

CVE-2022-2959

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/428
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/436

CVE-2022-2991

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/428
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/436

CVE-2022-2938

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/430
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/434

CVE-2022-2586

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/427
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402

CVE-2022-2588

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402

CVE-2022-2585

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402

CVE-2022-2503

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/431
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/435

CVE-2022-20369

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402

CVE-2022-20368

严重

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402

CVE-2022-2639

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/392

CVE-2022-36123

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402

CVE-2022-36946

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/392

CVE-2022-36879

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/369

CVE-2022-2327

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/392

CVE-2022-21505

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/368

CVE-2021-33655

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/392

CVE-2021-33656

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/437
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/369

CVE-2022-2861

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2860

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2613

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2612

低

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2610

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2607

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2606

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2624

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2623

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2620

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2619

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2617

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2616

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2615

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-2614

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274

CVE-2022-35737

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.5-LTS

3.1.xhttps://gitee.com/openharmony/third_party_sqlite/pulls/38
3.0.xhttps://gitee.com/openharmony/third_party_sqlite/pulls/37

CVE-2022-2415

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/third_party_chromium/pulls/35

CVE-2022-1919

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/third_party_chromium/pulls/35

CVE-2022-35252

低

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS
OpenHarmony-v1.1.0-release到OpenHarmony-v1.1.5-LTS

3.1.xhttps://gitee.com/openharmony/third_party_curl/pulls/83
3.0.xhttps://gitee.com/openharmony/third_party_curl/pulls/85
1.1.xhttps://gitee.com/openharmony/third_party_curl/pulls/86

CVE-2022-3028

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/440
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/442

CVE-2022-2977

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/440
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/442

CVE-2022-2964

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/440
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/442

CVE-2022-39188

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/450
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/477

CVE-2022-3078

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/450
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/477

CVE-2022-2905

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/450
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/477

CVE-2022-39842

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/450
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/477

CVE-2022-3061

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/443
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/444

CVE-2021-29921

严重

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/19

CVE-2022-0391

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/23

CVE-2021-3737

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/20

CVE-2021-4189

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/21

CVE-2021-3733

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/22

CVE-2021-28861

高

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release

3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/24

CVE-2022-40307

中

OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release
OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS

3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/463
3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/464

Liuxu (louis)

tags

participants (1)