Openatom: Security Vulnerabilities

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability that local attackers can exploit to cause a DoS of the system when a malicious HAP package is installed.
CVSS Score: 6.2 | EPSS Score: 0.0 | Published: 2023-03-10

The ArkUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, and OpenHarmony-v3.0.7 and prior versions, has an Improper Input Validation vulnerability that local attackers can exploit by sending malicious data, causing the current application to crash.
CVSS Score: 4.0 | EPSS Score: 0.0 | Published: 2023-03-10

The REMAP cmd of the SVM driver can be used to remap read-only memory as read-write, which allows read-only memory or files to be modified.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-03-08

The kernel subsystem within OpenHarmony-v3.1.4 and prior versions, in kernel_liteos_a, has a kernel stack overflow vulnerability when calling SysTimerGettime. 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
CVSS Score: 4.0 | EPSS Score: 0.0 | Published: 2023-01-09

The kernel subsystem within OpenHarmony-v3.1.4 and prior versions, in kernel_liteos_a, has a kernel stack overflow vulnerability when calling SysClockGettime. 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
CVSS Score: 4.0 | EPSS Score: 0.0 | Published: 2023-01-09

softbus_client_stub in the communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-01-09

platform_callback_stub in the misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2023-01-09

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf). As a result, the released memory is used (use-after-free).
CVSS Score: 6.2 | EPSS Score: 0.002 | Published: 2022-12-19

The kernel subsystem within OpenHarmony-v3.1.4 and prior versions, in kernel_liteos_a, has a kernel stack overflow vulnerability when calling SysClockGetres. 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
CVSS Score: 4.0 | EPSS Score: 0.001 | Published: 2022-12-08

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to a buffer overflow due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause an application crash.
CVSS Score: 6.8 | EPSS Score: 0.001 | Published: 2022-12-08

