2023-02.md 14.49 KB
louis.liuxu committed on 2023-02-04 18:01 . security bulletin in February 2023

Security Vulnerabilities in February 2023

published February 3, 2023
updated February 3, 2023

| Vulnerability ID | related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | affected versions | affected projects | fix link | reference |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| OpenHarmony-SA-2023-0201 | CVE-2023-0083 | The ArkUI framework subsystem doesn't check the input parameter, causing type confusion and invalid memory access. | Local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. | 4.0 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | arkui_ace_engine | 3.1.x<br>3.0.x | Reported by researchers |
| OpenHarmony-SA-2023-0202 | CVE-2023-22301 | The kernel subsystem hmdfs has an arbitrary memory access vulnerability. | Network attackers can launch a remote attack to obtain kernel memory data of the target system. | 6.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x | Reported by researchers |
| OpenHarmony-SA-2023-0203 | CVE-2023-22436 | The kernel subsystem function check_permission_for_set_tokenid has a UAF vulnerability. | Local attackers can exploit this vulnerability to escalate the privilege to root. | 7.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | kernel_linux_5.10 | 3.1.x | Reported by researchers |

The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by the third parties.

| CVE | severity | affected OpenHarmony versions | fix link |
| --- | --- | --- | --- |
| CVE-2022-2347 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-4135 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4186 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4438 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4437 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-4436 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-41218 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3424 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-4129 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-42328 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3643 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3105 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3104 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3115 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3113 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3112 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3111 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3108 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3107 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3106 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-47519 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-43551 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2022-43552 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2022-47518 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-47520 | Low | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-47521 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3109 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS | 3.1.x<br>3.0.x<br>1.1.x |
| CVE-2022-4662 | Medium | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |
| CVE-2022-3890 | Critical | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release | 3.1.x |
| CVE-2022-20568 | High | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS | 3.1.x<br>3.0.x |