OpenHarmony / security

wangchen authored 2024-04-02 11:46: Add April 2024 security bulletin

Security Vulnerabilities in April 2024

Published 2024.04.02
Last updated 2024.04.02

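| CVE | Vulnerability description | Impact | CVSS 3.1 base score | Affected versions | Affected repository | Fix link |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-21834 | Type confusion vulnerability in Arkui | A local attacker can cause an app crash through this vulnerability | 3.3 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | arkui_ace_engine | 3.2.x |
| CVE-2024-22177 | Improper permission management vulnerability in Audio | A local attacker can cause an app crash through this vulnerability | 3.3 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | multimedia_audio_framework | 3.2.x |
| CVE-2024-22098 | Use-after-free vulnerability in AVSession | A local attacker can execute code in any application through this vulnerability | 6.5 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | multimedia_av_session | 3.2.x |
| CVE-2024-22180 | Use-after-free vulnerability in Camera | A local attacker can cause a DoS through this vulnerability | 3.3 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | multimedia_camera_framework | 3.2.x<br>4.0.x |
| CVE-2024-29074 | Incomplete input parameter validation vulnerability in Telephony | A local attacker can execute code in any application through this vulnerability | 6.5 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | telephony_cellular_call | 3.2.x<br>3.2.x |
| CVE-2024-22092 | Improper permission management vulnerability in package management | A remote attacker can bypass controls to install applications through this vulnerability, but interaction by the local user is required | 7.7 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | bundlemanager_bundle_framework | 3.2.x |
| CVE-2024-24581 | Out-of-bounds write vulnerability in the Ark eTS runtime | A local attacker can execute code in any application through this vulnerability | 6.5 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | 3.2.x<br>4.0.x |
| CVE-2024-28226 | Incomplete input parameter validation vulnerability in the file system | A remote attacker can cause a DoS through this vulnerability | 8.1 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | kernel_linux_5.10 | 3.2.x<br>4.0.x |
| CVE-2024-28951 | Use-after-free vulnerability in the Ark eTS runtime | A local attacker can execute code in pre-installed applications through this vulnerability | 5.5 | OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | 4.0.x |
| CVE-2024-29086 | Stack overflow vulnerability in the Ark eTS runtime | A local attacker can cause a DoS through this vulnerability | 3.3 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release | arkcompiler_ets_runtime | 3.2.x |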

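The following are vulnerabilities in third-party libraries. Only the CVE, severity, and affected OpenHarmony versions are provided; for details, refer to the third-party advisories.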

| CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-0641 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2022-48619 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2023-39197 | Medium | 4.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-0584 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2023-46343 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-23851 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-23850 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-23849 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-0639 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-0775 | High | 7.1 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2023-51043 | High | 7.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2023-52340 | High | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2023-46838 | High | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2022-2503 | Medium | 6.7 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2014-0069 | High | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-1086 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2015-5157 | High | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2021-46958 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-25062 | High | 7.5 | third_party_libxml2 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-24806 | Critical | 9.8 | third_party_libuv | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-22195 | Medium | 6.1 | third_party_jinja2 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-0814 | Medium | 6.5 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2024-0810 | Medium | 4.3 | third_party_chromium | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |
| CVE-2023-6040 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release to OpenHarmony-v3.2.4-Release<br>OpenHarmony-v4.0-Release | 4.0.x<br>3.2.x |

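The following are the security patch labels for each maintained version. Update the security patch label only after merging all of the corresponding security patches for the current month and all earlier months.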

| Security patch label | Link |
| --- | --- |
| April 2024 | [4.0.x]<br>[3.2.x] |