Openatom

Openharmony

149 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2022-43662

  • EPSS 0.04%
  • Veröffentlicht 09.01.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 07:26:59

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

7.8

CVE-2022-45126

  • EPSS 0.04%
  • Veröffentlicht 09.01.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 07:28:48

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

7.8

CVE-2023-0035

  • EPSS 0.01%
  • Veröffentlicht 09.01.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 07:36:26

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privileg...

7.8

CVE-2023-0036

  • EPSS 0.01%
  • Veröffentlicht 09.01.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 07:36:26

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

3.3

CVE-2022-41802

  • EPSS 0.11%
  • Veröffentlicht 08.12.2022 16:15:13
  • Zuletzt bearbeitet 21.11.2024 07:23:52

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

7.8

CVE-2022-44455

  • EPSS 0.13%
  • Veröffentlicht 08.12.2022 16:15:13
  • Zuletzt bearbeitet 21.11.2024 07:28:02

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execu...

4.4

CVE-2022-41686

  • EPSS 0.06%
  • Veröffentlicht 14.10.2022 15:16:20
  • Zuletzt bearbeitet 21.11.2024 07:23:38

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the devi...

3.3

CVE-2022-38701

  • EPSS 0.04%
  • Veröffentlicht 09.09.2022 15:15:14
  • Zuletzt bearbeitet 21.11.2024 07:16:57

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

7.4

CVE-2022-36423

  • EPSS 0.13%
  • Veröffentlicht 09.09.2022 15:15:10
  • Zuletzt bearbeitet 21.11.2024 07:12:58

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.