发布于2024.05.07 备注：OpenHarmony 3.2-Release分支已停止维护，后续该分支的安全漏洞也不再维护，详情参见： OpenHarmony 3.2-Release分支停止维护公告 CVE漏洞描述漏洞影响严重程度受影响的版本受影响的仓库修复链接 CVE-2024-27217MSDP释放后使用漏洞本地攻击者通过本漏洞可在预装应用中执行任意代码中危OpenHarmony-v4.0-Releasemsdp_device_status4.0.x CVE-2024-23808Ark编译器前端越界读漏洞本地攻击者通过本漏洞可在预装应用中执行任意代码中危OpenHarmony-v4.0-Releasearkcompiler_ets_frontend4.0.x CVE-2024-31078蓝牙服务释放后使用漏洞本地攻击者通过本漏洞造成服务crash低危OpenHarmony-v4.0-Releasecommunication_bluetooth_service4.0.x CVE-2024-3757Ark运行时整数溢出漏洞本地攻击者通过本漏洞造成应用crash低危OpenHarmony-v4.0-Releasearkcompiler_ets_runtime4.0.x CVE-2024-3758Hmdfs堆溢出漏洞本地攻击者通过本漏洞可在TCB中执行任意代码中危OpenHarmony-v4.0-Releasekernel_linux_5.104.0.x CVE-2024-3759Hmdfs释放后使用漏洞本地攻击者通过本漏洞可在TCB中执行任意代码中危OpenHarmony-v4.0-Releasekernel_linux_5.104.0.x 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本 CVE严重程度CVSS 3.1 得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2024-26614中危5.3kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26606低危3.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2024-26589高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-6176中危4.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-6121中危4.3kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52492中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52486中危4.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52444高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52443中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52438高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-52435中危5.5kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2023-51779中危4.6kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2021-46945中危5.7kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x CVE-2021-33631高危7.8kernel_linux_5.10OpenHarmony-v4.0-Release4.0.x 请在合入当月及之前全部已公开安全补丁之后，参考如下各维护版本的安全补丁标签更新方法，更新安全补丁标签至05月。 对应维护版本安全补丁修改方式参考链接 4.0.xhttps://gitee.com/openharmony/startup_init/pulls/2728