Security Vulnerabilities in October 2022
Security Vulnerabilities in October 2022 published October 11,2022 updated October 11,2022 Vulnerability ID related Vulnerability Vulnerability Description Vulnerability Impact CVSS3.1 Base Score affected versions affected projects fix link reference OpenHarmony-SA-2022-1001 CVE-2022-42488 Startup subsystem missed permission validation in param service. Local attackers can install an malicious application on the device to elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. 8.4 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release startup_init_lite 3.1.xhttps://gitee.com/openharmony/startup_init_lite/pulls/1104 3.1.xhttps://gitee.com/openharmony/startup_init_lite/pulls/1074 Reported by OpenHarmony Team OpenHarmony-SA-2022-1002 CVE-2022-42464 Kernel memory pool override in /dev/mmz_userdev device driver If the processes with system UID run on the device, local attackers would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot. 6.7 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS device_board_hisilicon device_hisilicon_hi3516dv300 3.0.xhttps://gitee.com/openharmony/device_board_hisilicon/pulls/135 3.1.xhttps://gitee.com/openharmony/device_hisilicon_hi3516dv300/pulls/87 Reported by OpenHarmony Team OpenHarmony-SA-2022-1003 CVE-2022-41686 Out-of-bound memory read and write in /dev/mmz_userdev device driver. If the processes with system user UID run on the device, local attackers would be able to write out-of-bound memory which could lead to unspecified memory corruption. 5.1 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS device_board_hisilicon device_hisilicon_hispark_taurus 3.1.xhttps://gitee.com/openharmony/device_soc_hisilicon/pulls/287 3.0.xhttps://gitee.com/openharmony/device_hisilicon_hispark_taurus/pulls/127 Reported by OpenHarmony Team OpenHarmony-SA-2022-1004 CVE-2022-42463 Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. 8.3 OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release communication_dsoftbus 3.1.xhttps://gitee.com/openharmony/communication_dsoftbus/pulls/2348 Reported by OpenHarmony Team The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties. CVE severity affected OpenHarmony versions fix link CVE-2022-27405 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.1-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS 3.1.xhttps://gitee.com/openharmony/third_party_freetype/pulls/32 3.0.xhttps://gitee.com/openharmony/third_party_freetype/pulls/31 1.1.xhttps://gitee.com/openharmony/third_party_freetype/pulls/30 CVE-2022-2959 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/428 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/436 CVE-2022-2991 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/428 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/436 CVE-2022-2938 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/430 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/434 CVE-2022-2586 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/427 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402 CVE-2022-2588 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402 CVE-2022-2585 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402 CVE-2022-2503 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/431 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/435 CVE-2022-20369 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402 CVE-2022-20368 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402 CVE-2022-2639 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/392 CVE-2022-36123 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/426 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/402 CVE-2022-36946 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/392 CVE-2022-36879 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/369 CVE-2022-2327 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/392 CVE-2022-21505 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/368 CVE-2021-33655 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/423 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/392 CVE-2021-33656 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/437 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/369 CVE-2022-2861 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2860 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2613 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2612 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2610 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2607 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2606 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2624 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2623 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2620 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2619 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2617 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2616 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2615 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-2614 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/web_webview/pulls/274 CVE-2022-35737 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.5-LTS 3.1.xhttps://gitee.com/openharmony/third_party_sqlite/pulls/38 3.0.xhttps://gitee.com/openharmony/third_party_sqlite/pulls/37 CVE-2022-2415 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/third_party_chromium/pulls/35 CVE-2022-1919 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/third_party_chromium/pulls/35 CVE-2022-35252 Low OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS OpenHarmony-v1.1.0-release through OpenHarmony-v1.1.5-LTS 3.1.xhttps://gitee.com/openharmony/third_party_curl/pulls/83 3.0.xhttps://gitee.com/openharmony/third_party_curl/pulls/85 1.1.xhttps://gitee.com/openharmony/third_party_curl/pulls/86 CVE-2022-3028 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/440 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/442 CVE-2022-2977 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/440 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/442 CVE-2022-2964 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/440 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/442 CVE-2022-39188 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/450 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/477 CVE-2022-3078 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/450 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/477 CVE-2022-2905 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/450 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/477 CVE-2022-39842 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/450 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/477 CVE-2022-3061 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/443 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/444 CVE-2021-29921 Critical OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/19 CVE-2022-0391 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/23 CVE-2021-3737 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/20 CVE-2021-4189 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/21 CVE-2021-3733 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/22 CVE-2021-28861 High OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release 3.1.xhttps://gitee.com/openharmony/third_party_python/pulls/24 CVE-2022-40307 Medium OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS 3.1.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/463 3.0.xhttps://gitee.com/openharmony/kernel_linux_5.10/pulls/464
participants (1)
-
Liuxu (louis)