zh/security-disclosure/2024/2024-04.md · OpenHarmony/security

## 2024年04月安全漏洞
_发布于2024.04.02_ 
_最后更新于2024.04.02_

| CVE | 漏洞描述 | 漏洞影响 | CVSS3.1基础得分 | 受影响的版本 | 受影响的仓库 | 修复链接 |
| -------------- | -------- | -------- | --------------- | ------------ | ------------ | -------- |
| CVE-2024-21834 | Arkui类型混淆漏洞 | 本地攻击者通过本漏洞造成app crash | 3.3 |OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | arkui_ace_engine | [3.2.x](https://gitee.com/openharmony/arkui_ace_engine/pulls/26388) | 
| CVE-2024-22177 | Audio权限管理不当漏洞 | 本地攻击者通过本漏洞造成app crash | 3.3 |OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | multimedia_audio_framework | [3.2.x](https://gitee.com/openharmony/multimedia_audio_framework/pulls/2442) |
| CVE-2024-22098 | AVSession释放后使用漏洞 | 本地攻击者通过本漏洞可在任意应用中执行代码 | 6.5 |OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | multimedia_av_session | [3.2.x](https://gitee.com/openharmony/multimedia_av_session/pulls/818) |
| CVE-2024-22180 | Camera释放后使用漏洞 | 本地攻击者通过本漏洞造成DOS | 3.3 |OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | multimedia_camera_framework | [3.2.x](https://gitee.com/openharmony/multimedia_camera_framework/pulls/1179) [4.0.x](https://gitee.com/openharmony/multimedia_camera_framework/pulls/1181) |
| CVE-2024-29074 | Telephony入参检测不完善漏洞 | 本地攻击者通过本漏洞可在任意应用中执行代码 | 6.5 |OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | telephony_cellular_call | [3.2.x](https://gitee.com/openharmony/telephony_cellular_call/pulls/596) [3.2.x](https://gitee.com/openharmony/telephony_cellular_call/pulls/595) |
| CVE-2024-22092 | 包管理权限管理不当漏洞 | 远程攻击者通过本漏洞绕过管控安装应用, 但需要本地用户的交互 | 7.7 |OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | bundlemanager_bundle_framework | [3.2.x](https://gitee.com/openharmony/bundlemanager_bundle_framework/pulls/5084) |
| CVE-2024-24581 | 方舟eTS运行时越界写漏洞 | 本地攻击者通过本漏洞可在任意应用中执行代码 | 6.5 |OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | [3.2.x](https://gitee.com/openharmony/arkcompiler_ets_runtime/pulls/5061) [4.0.x](https://gitee.com/openharmony/arkcompiler_ets_runtime/pulls/5085) |
| CVE-2024-28226 | 文件系统入参检测不完善漏洞 | 远程攻击者通过本漏洞造成DOS | 8.1 |OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | kernel_linux_5.10 | [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1279) [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1278) |
| CVE-2024-28951 | 方舟eTS运行时释放后使用漏洞 | 本地攻击者通过本漏洞可在预装应用中执行代码 | 5.5 |OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | [4.0.x](https://gitee.com/openharmony/arkcompiler_ets_runtime/pulls/6039) |
| CVE-2024-29086 | 方舟eTS运行时栈溢出漏洞 | 本地攻击者通过本漏洞造成DOS | 3.3 |OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release | arkcompiler_ets_runtime | [3.2.x](https://gitee.com/openharmony/arkcompiler_ets_runtime/pulls/5454) |

### 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

| CVE | 严重程度 | CVSS 3.1得分 |受影响的仓库 | 受影响的OpenHarmony版本 | 修复链接 |
| -------------- | -------- | ------------ |-------------| ------------------------------------------------------------ | ------------------------------------------------------ |
| CVE-2024-0641 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/8ba6dfda34afcd45eb2aa8526882d8aea6d7d7fe) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/035f59d36faa7ec339ad3ff11f598d8ed4a0e415) |
| CVE-2022-48619 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/0e942af0f1ab1845d428572a09d658d1825cc0e1) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/7add73dd92808a69dae6493d91383dd3a4aa54c0) |
| CVE-2023-39197 | 中危 | 4.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/b7aee7fb6fc449a165ad19790c435daa59713b6e) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/8327a5e4fd8cfd651d53f468420e3c9bc12629fe) |
| CVE-2024-0584 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/5b50f28a0ac29e22fa7e749efb632f756e9bcca8) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/d7cde500b071af684b6ee7fe0faa98e5695f1133) |
| CVE-2023-46343 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/445c0e1695fb55e26021742a5aa914d292e0c6b4) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/8087188033fa2f28def563451e3e8a6672b8a3be) |
| CVE-2024-23851 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/443baafab0c17b86a54c297ee995112693c2b9af) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/726bf295990bc4cd87fe23d287274d1c1165f48e) |
| CVE-2024-23850 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/c05656aaa80a875dc77677a2ceaf54751b4a33e5) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/090bf69b9eeec1118fb27ce5d74de70447b979e8) |
| CVE-2024-23849 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/257756af493e5c1ff269b1386d73f52504677894) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/a17877add9dab89316fabde4e95284f30309c522) |
| CVE-2024-0639 | 中危 | 5.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/4782207a22887c585d3bedbc2060c619f444c30f) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/402bd108a662f0c876f8ee7e23862273e1d717dc) |
| CVE-2024-0775 | 高危 | 7.1 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/b55f78f7dc964dab47c940fc8fe4fb60f7a5cb00) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/51b9d1defb155f1bf0e1c86d27621009fbe85b27) |
| CVE-2023-51043 | 高危 | 7.0 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/84e2d43aa9342c57f7858fde006100edf52428cf) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/bd7848e09a1b0059611e14b069b9843a69e7f83d) |
| CVE-2023-52340 | 高危 | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/445c0e1695fb55e26021742a5aa914d292e0c6b4) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/8087188033fa2f28def563451e3e8a6672b8a3be) |
| CVE-2023-46838 | 高危 | 7.5 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/aa14a63c92b6db72fdc74a018c37dcdb8d7e7b42) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/c04fb93e86681860f4d554e6b10af29b664f0b25) |
| CVE-2022-2503 | 中危 | 6.7 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/7bc8d31fa7b433f5f734b826f912f3e159aa8364) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/7bc8d31fa7b433f5f734b826f912f3e159aa8364) |
| CVE-2014-0069 | 高危 | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/5d81de8e8667da7135d3a32a964087c0faf5483f) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/5d81de8e8667da7135d3a32a964087c0faf5483f) |
| CVE-2024-1086 | 高危 | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/d78c0bde7813100dd2b0200026080030b5bb5013) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/d78c0bde7813100dd2b0200026080030b5bb5013) |
| CVE-2015-5157 | 高危 | 8.4 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a) |
| CVE-2021-46958 | 高危 | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6) |
| CVE-2024-25062 | 高危 | 7.5 | third_party_libxml2 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/third_party_libxml2/pulls/72) [3.2.x](https://gitee.com/openharmony/third_party_libxml2/pulls/73) |
| CVE-2024-24806 | 致命 | 9.8 | third_party_libuv | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/third_party_libuv/pulls/101) [3.2.x](https://gitee.com/openharmony/third_party_libuv/pulls/100) |
| CVE-2024-22195 | 中危 | 6.1 | third_party_jinja2 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/third_party_jinja2/pulls/18) [3.2.x](https://gitee.com/openharmony/third_party_jinja2/pulls/17) |
| CVE-2024-0814 | 中危 | 6.5 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony-tpc/chromium_src/pulls/522) [3.2.x](https://gitee.com/openharmony-tpc/chromium_src/pulls/508) |
| CVE-2024-0810 | 中危 | 4.3 | third_party_chromium | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony-tpc/chromium_src/pulls/510) [3.2.x](https://gitee.com/openharmony-tpc/chromium_src/pulls/506) |
| CVE-2023-6040 | 高危 | 7.8 | kernel_linux_5.10 | OpenHarmony-v3.2-Release到OpenHarmony-v3.2.4-Release OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1254) [3.2.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1255) |

### 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。

<table>
	<tr>
		<td style="font-weight: bold">安全补丁标签</td>
		<td style="font-weight: bold">链接</td>
	</tr>
	<tr>
		<td rowspan="3">2024年04月</td>
		<td><a href="https://gitee.com/openharmony/startup_init/pulls/2632">[4.0.x]</a></td>
	</tr>
	<tr>
		<td><a href="https://gitee.com/openharmony/startup_init/pulls/2633">[3.2.x]</a></td>
	</tr>
</table>

OpenHarmony/security

About

Releases

Contributors

Activities

OpenHarmony/security .gitee-modal { width: 500px !important; }

About

Releases

The Open Source Evaluation Index is derived from the OSS Compass evaluation system, which evaluates projects around the following three dimensions

Contributors

Activities

Search

OpenHarmony/security