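Published on 2024.03.04

| CVE | Vulnerability description | Impact | CVSS 3.1 score | Affected versions | Affected repository | Fix link |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-25176 | Pasteboard out-of-bounds read vulnerability | A local attacker can cause information disclosure through this vulnerability | 2.9 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | distributeddatamgr_pasteboard | 3.2.x |
| CVE-2023-46708 | WLAN UAF vulnerability | A local attacker can execute code in any application through this vulnerability | 4.3 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | communication_wifi | 3.2.x |
| CVE-2023-49602 | Arkui type confusion vulnerability | A local attacker can cause an application crash through this vulnerability | 2.9 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | arkui_ace_engine | 3.2.x, 3.2.x |
| CVE-2024-21816 | Improper permission management vulnerability in background task management | A local attacker can bypass authentication and access data through this vulnerability | 4.0 | OpenHarmony-v4.0-Release | resourceschedule_background_task_mgr | 4.0.x |
| CVE-2024-21826 | Sensitive information disclosure vulnerability in key management | A near-field attacker can cause sensitive information disclosure through this vulnerability | 4.3 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | security_huks | 3.2.x |

The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided.

| CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-0519 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0518 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0333 | Medium | 5.3 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0224 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0223 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2024-0222 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-7192 | Medium | 4.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-7024 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-6531 | High | 7.0 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-6112 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-5997 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-5996 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-5849 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-5717 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-5482 | High | 8.8 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-5480 | Medium | 6.1 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-51782 | Medium | 4.6 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-51781 | Medium | 4.6 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | 4.0.x |
| CVE-2023-51780 | Medium | 4.6 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |
| CVE-2023-45897 | Critical | 9.1 | third_party_exfatprogs | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2022-46908 | High | 7.3 | third_party_sqlite | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | 3.2.x |
| CVE-2021-44879 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release; OpenHarmony-v4.0-Release | 4.0.x, 3.2.x |

After merging all security patches published in the current month and earlier, update the security patch label to March, following the security patch label update method for each maintained version listed below.

| Maintained version | Reference link for the security patch label change |
| --- | --- |
| 3.2.x | https://gitee.com/openharmony/startup_init/pulls/2550 |
| 4.0.x | https://gitee.com/openharmony/startup_init/pulls/2549 |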
participants (1)
-
王晨