zh/security-disclosure/2024/2024-05.md · OpenHarmony/security - Gitee.com

开源项目 > OpenHarmony > OpenHarmony 教程指南 &&

加入 Gitee

与超过 1200万开发者一起发现、参与优秀开源项目，私有仓库也完全免费：）

克隆/下载

2024-05.md 5.62 KB

## 2024年05月安全漏洞
_发布于2024.05.07_<br/>
_最后更新于2024.05.07_

**备注：OpenHarmony 3.2-Release分支已停止维护，后续这个分支的安全漏洞也不再维护，详情参见：**
[OpenHarmony 3.2-Release分支停止维护公告](https://gitee.com/openharmony/release-management/blob/master/OpenHarmony%203.2-Release%E5%88%86%E6%94%AF%E5%81%9C%E6%AD%A2%E7%BB%B4%E6%8A%A4%E5%85%AC%E5%91%8A.md)

| CVE            | 漏洞描述 | 漏洞影响 | CVSS3.1基础得分 | 受影响的版本 | 受影响的仓库 | 修复链接 |
| -------------- | -------- | -------- | --------------- | ------------ | ------------ | -------- |
| CVE-2024-27217 | MSDP释放后使用漏洞                | 本地攻击者通过本漏洞可在预装应用中执行任意代码 | 6.5 | OpenHarmony-v4.0-Release | msdp_device_status | [4.0.x](https://gitee.com/openharmony/msdp_device_status/pulls/1407) |
| CVE-2024-23808 | Ark编译器前端越界读漏洞           | 本地攻击者通过本漏洞可在预装应用中执行任意代码 | 5.2 | OpenHarmony-v4.0-Release | arkcompiler_ets_frontend | [4.0.x](https://gitee.com/openharmony/arkcompiler_ets_frontend/pulls/1885) |
| CVE-2024-31078 | 蓝牙服务释放后使用漏洞            | 本地攻击者通过本漏洞造成服务crash              | 3.3 | OpenHarmony-v4.0-Release | communication_bluetooth_service | [4.0.x](https://gitee.com/openharmony/communication_bluetooth_service/pulls/171) |
| CVE-2024-3757  | Ark运行时整数溢出漏洞             | 本地攻击者通过本漏洞造成应用crash              | 3.3 | OpenHarmony-v4.0-Release | arkcompiler_ets_runtime | [4.0.x](https://gitee.com/openharmony/arkcompiler_ets_runtime/pulls/6395) |
| CVE-2024-3758  | Hmdfs堆溢出漏洞                   | 本地攻击者通过本漏洞可在TCB中执行任意代码      | 6.5 | OpenHarmony-v4.0-Release | kernel_linux_5.10 | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1282) |
| CVE-2024-3759  | Hmdfs释放后使用漏洞               | 本地攻击者通过本漏洞可在TCB中执行任意代码      | 6.5 | OpenHarmony-v4.0-Release | kernel_linux_5.10 | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1276) |

### 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

| CVE            | 严重程度 | CVSS 3.1得分 |受影响的仓库 | 受影响的OpenHarmony版本                                      | 修复链接                                               |
| -------------- | -------- | ------------ |-------------| ------------------------------------------------------------ | ------------------------------------------------------ |
| CVE-2024-26614 | 中危 | 5.3 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/d1cec119b263daa400eea27001d9f43a24df1d3f) |
| CVE-2024-26606 | 低危 | 3.5 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/a5f26fe6d0e673a24e2d326f8a35058c6f7159f1) |
| CVE-2024-26589 | 高危 | 7.8 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/ff5a05fa712893b7c7f0f1dc69ac46439f7689fb) |
| CVE-2023-6176  | 中危 | 4.7 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/ca9598125115d4dbf5df622ad1cb0dfa38c79883) |
| CVE-2023-6121  | 中危 | 4.3 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/e993f108d7fd311dc09bc2d912e0829f58a6e7db) |
| CVE-2023-52492 | 中危 | 5.7 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/1351) |
| CVE-2023-52486 | 中危 | 4.8 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/d65f16b3fdd8d6930af4c28e484bdf960e660c4c) |
| CVE-2023-52444 | 高危 | 7.8 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/66f1833dc0b5c5327e0fe4adf6a42cb4be7520ad) |
| CVE-2023-52443 | 中危 | 5.5 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/3b968bce6ae6d8f9c1ce4564ec8596a8fa8a8df3) |
| CVE-2023-52438 | 高危 | 7.8 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/557fc8912548bd708dc51b0904adbb1b54f031fc) |
| CVE-2023-52435 | 中危 | 5.5 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/e822fb171dda91ccb5187a40b179db70db35169d) |
| CVE-2023-51779 | 中危 | 4.6 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/056f35bf7a49c907881b0a73935edc976352c60b) |
| CVE-2021-46945 | 中危 | 5.7 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/418a1e473b6b89c0ddfb3cb5cc70ee17fe152391) |
| CVE-2021-33631 | 高危 | 7.8 | kernel_linux_5.10  | OpenHarmony-v4.0-Release | [4.0.x](https://gitee.com/openharmony/kernel_linux_5.10/commit/c30db4415a2527d420d82cd8ddcbea1c423b4aad) |

### 如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。

<table>
	<tr>
		<td style="font-weight: bold">安全补丁标签</td>
		<td style="font-weight: bold">链接</td>
	</tr>
	<tr>
		<td rowspan="3">2024年05月</td>
		<td><a href="https://gitee.com/openharmony/startup_init/pulls/2728">[4.0.x]</a></td>
	</tr>
</table>

一键复制编辑原始数据按行查看历史

提交于 2024-05-07 14:23 . 更新2024年5月安全公告

2024年05月安全漏洞

发布于2024.05.07
最后更新于2024.05.07

备注：OpenHarmony 3.2-Release分支已停止维护，后续这个分支的安全漏洞也不再维护，详情参见： OpenHarmony 3.2-Release分支停止维护公告

CVE	漏洞描述	漏洞影响	CVSS3.1基础得分	受影响的版本	受影响的仓库	修复链接
CVE-2024-27217	MSDP释放后使用漏洞	本地攻击者通过本漏洞可在预装应用中执行任意代码	6.5	OpenHarmony-v4.0-Release	msdp_device_status	4.0.x
CVE-2024-23808	Ark编译器前端越界读漏洞	本地攻击者通过本漏洞可在预装应用中执行任意代码	5.2	OpenHarmony-v4.0-Release	arkcompiler_ets_frontend	4.0.x
CVE-2024-31078	蓝牙服务释放后使用漏洞	本地攻击者通过本漏洞造成服务crash	3.3	OpenHarmony-v4.0-Release	communication_bluetooth_service	4.0.x
CVE-2024-3757	Ark运行时整数溢出漏洞	本地攻击者通过本漏洞造成应用crash	3.3	OpenHarmony-v4.0-Release	arkcompiler_ets_runtime	4.0.x
CVE-2024-3758	Hmdfs堆溢出漏洞	本地攻击者通过本漏洞可在TCB中执行任意代码	6.5	OpenHarmony-v4.0-Release	kernel_linux_5.10	4.0.x
CVE-2024-3759	Hmdfs释放后使用漏洞	本地攻击者通过本漏洞可在TCB中执行任意代码	6.5	OpenHarmony-v4.0-Release	kernel_linux_5.10	4.0.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

CVE	严重程度	CVSS 3.1得分	受影响的仓库	受影响的OpenHarmony版本	修复链接
CVE-2024-26614	中危	5.3	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2024-26606	低危	3.5	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2024-26589	高危	7.8	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-6176	中危	4.7	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-6121	中危	4.3	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-52492	中危	5.7	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-52486	中危	4.8	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-52444	高危	7.8	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-52443	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-52438	高危	7.8	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-52435	中危	5.5	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2023-51779	中危	4.6	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2021-46945	中危	5.7	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x
CVE-2021-33631	高危	7.8	kernel_linux_5.10	OpenHarmony-v4.0-Release	4.0.x

如下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。

安全补丁标签	链接
2024年05月	[4.0.x]

1

https://gitee.com/openharmony/security.git

git@gitee.com:openharmony/security.git

openharmony

security

security

master