2025年09月安全公告

2 Sep 2025


      发布于2025.09.02

备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。
CVE漏洞描述漏洞影响严重程度CVSS 3.1得分受影响的版本受影响的仓库修复链接
CVE-2025-26474communication_ipc 不当输入验证漏洞特定场景下, 本地攻击者可造成信息泄露低危3.3OpenHarmony-v5.0.3-Releasecommunication_ipc5.0.3.x
CVE-2025-6969ability_ability_runtime 权限绕过漏洞本地攻击者可造成DOS中危5.0OpenHarmony-v5.0.3-Release) OpenHarmony-v5.1.0-Releaseability_ability_runtime5.0.3.x 5.1.0.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接
CVE-2025-38466无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38424无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38347无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38346无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38337无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38328无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38320无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38312无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38285无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38222无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38219无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38218无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38215无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38214无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38212高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38206无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38194中危4.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38181无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38180高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38166无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38163无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38147无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38126无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38125无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38124中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38117无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38111无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38103无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38097无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38095无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38079无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38068无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38067无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38062无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38058无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38057无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-38023无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37995中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37980中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37959中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37940低危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37937中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37923低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37862无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37859无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37841中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37839中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37836中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37810低危2.6kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37808中危5.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-37807低危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-22113无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-22008无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21959无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21922无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21910无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21909无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21881无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21838无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21817中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21766中危3.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21765中危3.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21758无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2025-21708无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-58093无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-57986中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-57982中危3.5kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-57974中危5.3kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-57876高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-57850高危8.0kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-56780中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-56751无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-56719无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-53237无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-53196无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-41062无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-36484无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-26947无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2024-26869中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2023-53001中危5.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2023-52621高危7.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2023-52608中危4.7kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-50167无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-50100无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49967无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49961无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49837无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49801无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49728无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49579无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49513无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49444无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49266无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2022-49169无尚未提供kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2021-47618中危4.8kernel_linux_5.10OpenHarmony-v5.0.3-Release5.0.3.x

以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。
对应维护版本安全补丁修改方式参考链接
5.1.0.xhttps://gitee.com/openharmony/startup_init/pulls/4062
5.0.3.xhttps://gitee.com/openharmony/startup_init/pulls/4063

王晨

tags

participants (1)