OpenHarmony Security Vulnerabilities

CVE-2024-3759

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after...

CVE-2024-3757

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer...

CVE-2024-3758

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer...

CVE-2024-27217

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after...

CVE-2024-23808

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer...

CVE-2024-31078

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer...

CVE-2024-28951

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after...

CVE-2024-29086

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack...

CVE-2024-29074

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper...

CVE-2024-28226

in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper...

CVE-2024-22177

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get...

CVE-2024-24581

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds...

CVE-2024-22180

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after...

CVE-2024-22092

in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user...

CVE-2024-21834

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type...

CVE-2024-22098

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after...

CVE-2024-21826

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure...

CVE-2024-21816

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of...

CVE-2023-49602

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type...

CVE-2023-46708

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after...

CVE-2023-25176

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds...

CVE-2024-21863

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper...

CVE-2024-21851

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer...

CVE-2024-21860

in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after...

CVE-2024-21845

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer...

CVE-2024-0285

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through improper...

CVE-2023-45734

in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds...

CVE-2023-49118

in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds...

CVE-2023-43756

in OpenHarmony v3.2.4 and prior versions allow a local attacker causes information leak through out-of-bounds...

CVE-2023-49142

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released...

CVE-2023-47216

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all...

CVE-2023-47857

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released...

CVE-2023-48360

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released...

CVE-2023-49135

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released...

CVE-2023-6045

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type...

CVE-2023-43612

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of...

CVE-2023-47217

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer...

CVE-2023-46705

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type...

CVE-2023-42774

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default...

CVE-2023-46100

in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized...

CVE-2023-3116

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default...

CVE-2023-4753

OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error...

CVE-2023-25947

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP...

CVE-2023-24465

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to...

CVE-2023-22436

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to...

CVE-2023-22301

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target...

CVE-2023-0083

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to...

CVE-2022-45126

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and...

CVE-2023-0036

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high...

CVE-2022-43662

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and...