October 2022 Security Vulnerabilities
Published 2022.10.11
Last updated 2022.10.11
| Advisory ID | Related CVE | Description | Impact | CVSS 3.1 base score | Affected versions | Affected repositories | Fix links | References |
|---|---|---|---|---|---|---|---|---|
| OpenHarmony-SA-2022-1001 | CVE-2022-42488 | The param service of the startup subsystem lacks permission checks. | An attacker can launch a local attack to obtain root privileges, disable security features, or cause a DoS against any service. | 8.4 | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | startup_init_lite | 3.1.x <https://gitee.com/openharmony/startup_init_lite/pulls/1104>; 3.1.x <https://gitee.com/openharmony/startup_init_lite/pulls/1074> | Reported by the project team |
| OpenHarmony-SA-2022-1002 | CVE-2022-42464 | The dev/mmz_userdev driver has an illegal kernel memory mapping vulnerability. | An attacker can launch a local attack to illegally map memory and read and write it, escalating to root privileges or causing a device reboot. Exploiting this vulnerability requires the system UID. | 6.7 | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | device_board_hisilicon; device_hisilicon_hi3516dv300 | 3.1.x <https://gitee.com/openharmony/device_board_hisilicon/pulls/135>; 3.0.x <https://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/8…> | Reported by the project team |
| OpenHarmony-SA-2022-1003 | CVE-2022-41686 | The dev/mmz_userdev driver has an out-of-bounds read/write vulnerability. | An attacker can launch a local attack to read and write memory addresses out of bounds, causing memory leakage or a crash. Exploiting this vulnerability requires the system UID. | 5.1 | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | device_board_hisilicon; device_hisilicon_hispark_taurus | 3.1.x <https://gitee.com/openharmony/device_soc_hisilicon/pulls/287>; 3.0.x <https://gitee.com/openharmony/device_hisilicon_hispark_taurus/pull…> | Reported by the project team |
| OpenHarmony-SA-2022-1004 | CVE-2022-42463 | A callback handler in the softbus_server service of the communication subsystem performs no authentication or encryption. | An attacker can launch an attack over the distributed network, sending Bluetooth RFCOMM packets to any remote device and executing arbitrary commands. | 8.3 | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | communication_dsoftbus | 3.1.x <https://gitee.com/openharmony/communication_dsoftbus/pulls/2348> | Reported by the project team |
The following are third-party library vulnerabilities. Only the CVE, severity and affected OpenHarmony versions are given here; for details, refer to the third-party advisories.
| CVE | Severity | Affected OpenHarmony versions | Fix links |
|---|---|---|---|
| CVE-2022-27405 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.1-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS; OpenHarmony-v1.1.0-release to OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_freetype/pulls/32>; 3.0.x <https://gitee.com/openharmony/third_party_freetype/pulls/31>; 1.1.x <https://gitee.com/openharmony/third_party_freetype/pulls/30> |
| CVE-2022-2959 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> |
| CVE-2022-2991 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/428>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/436> |
| CVE-2022-2938 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/430>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/434> |
| CVE-2022-2586 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/427>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2588 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2585 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2503 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/431>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/435> |
| CVE-2022-20369 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-20368 | Critical | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-2639 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2022-36123 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/426>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/402> |
| CVE-2022-36946 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2022-36879 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> |
| CVE-2022-2327 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2022-21505 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/368> |
| CVE-2021-33655 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/423>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/392> |
| CVE-2021-33656 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/437>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/369> |
| CVE-2022-2861 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2860 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2613 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2612 | Low | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2610 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2607 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2606 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2624 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2623 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2620 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2619 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2617 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2616 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2615 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-2614 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/web_webview/pulls/274> |
| CVE-2022-35737 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_sqlite/pulls/38>; 3.0.x <https://gitee.com/openharmony/third_party_sqlite/pulls/37> |
| CVE-2022-2415 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_chromium/pulls/35> |
| CVE-2022-1919 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_chromium/pulls/35> |
| CVE-2022-35252 | Low | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS; OpenHarmony-v1.1.0-release to OpenHarmony-v1.1.5-LTS | 3.1.x <https://gitee.com/openharmony/third_party_curl/pulls/83>; 3.0.x <https://gitee.com/openharmony/third_party_curl/pulls/85>; 1.1.x <https://gitee.com/openharmony/third_party_curl/pulls/86> |
| CVE-2022-3028 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-2977 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-2964 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/440>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/442> |
| CVE-2022-39188 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-3078 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-2905 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-39842 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/450>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/477> |
| CVE-2022-3061 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/443>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/444> |
| CVE-2021-29921 | Critical | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/19> |
| CVE-2022-0391 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/23> |
| CVE-2021-3737 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/20> |
| CVE-2021-4189 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/21> |
| CVE-2021-3733 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/22> |
| CVE-2021-28861 | High | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.2-Release | 3.1.x <https://gitee.com/openharmony/third_party_python/pulls/24> |
| CVE-2022-40307 | Medium | OpenHarmony-v3.1-Release to OpenHarmony-v3.1.3-Release; OpenHarmony-v3.0-LTS to OpenHarmony-v3.0.6-LTS | 3.1.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/463>; 3.0.x <https://gitee.com/openharmony/kernel_linux_5.10/pulls/464> |