156 matches found
CVE-2024-22177
OpenHarmony vulnerability CVE-2024-22177 affects OpenHarmony v3.2.4 and earlier. A local attacker can cause applications to crash by abusing the get permission flow. The root cause is indicated in multiple sources as improper preservation of permissions. Impact is crash/denial of usability for apps; ...
CVE-2024-24581
OpenHarmony vulnerability CVE-2024-24581 affects OpenHarmony v4.0.0 and earlier, caused by an out-of-bounds write in Arkcompiler runtime, enabling a local attacker to achieve arbitrary code execution. The issue is verified across multiple sources in the connected documents, which describe the sam...
CVE-2024-31078
OpenHarmony suffers a local vulnerability (CVE-2024-31078) in v4.0.0 and earlier where a NULL pointer dereference can crash a service. The issue is described across multiple sources as a local attack leading to a service crash, with the OpenHarmony lineage prior to 4.0.0 implicated. Root cause de...
CVE-2025-0304
CVE-2025-0304 affects OpenHarmony v4.1.2 and earlier. The issue is a use-after-free in resource management that allows a local attacker to elevate permissions to root and leak sensitive data. Impact is described as local privilege escalation with potential information disclosure; exact exploited ...
CVE-2022-44455
CVE-2022-44455 affects OpenHarmony v3.1.2 and earlier. The vulnerability is a buffer overflow in the appspawn and nwebspawn services caused by insufficient input validation. An unprivileged malicious application could potentially execute code within other installed apps or cause crashes. Public s...
CVE-2024-21834
Summary of CVE-2024-21834 (OpenHarmony): OpenHarmony v3.2.4 and earlier versions contain a vulnerability that allows a local attacker to cause applications to crash due to a type confusion issue. The impact is described as availability loss (app crashes) with a local attack vector and low privile...
CVE-2025-26693
Summary: CVE-2025-26693 affects OpenHarmony v5.0.3 and earlier. The root cause is improper preservation/handling of permissions in the get permission flow, enabling a local attacker to cause an information disclosure (confidentiality impact high per NVD). Attack vector is local with low prerequis...
CVE-2023-49602
CVE-2023-49602 affects OpenHarmony v3.2.4 and earlier. The underlying issue is a type confusion in ArkUI-related code that can be triggered by a local attacker, causing apps to crash. Public references consistently describe the impact as a local crash with no broader compromise described in the p...
CVE-2024-23808
CVE-2024-23808 affects OpenHarmony v4.0.0 and earlier. The vulnerability allows a local attacker to execute arbitrary code in pre-installed apps via a use-after-free condition, or cause denial of service through a NULL pointer dereference. The available sources consistently describe the imp...
CVE-2024-27217
The CVE-2024-27217 entry concerns OpenHarmony v4.0.0 and earlier, where a use-after-free vulnerability in pre-installed apps could allow a local attacker to achieve arbitrary code execution. • Affected product: OpenHarmony (version 4.0.0 and before). • Root cause: use-after-free in pre-installed ...
CVE-2025-23414
CVE-2025-23414 affects OpenHarmony v5.0.2 and earlier. A use-after-free in pre-installed apps allows a local attacker to achieve arbitrary code execution in a restricted context. The NVD metrics indicate a high impact (C/H, I/H, A/H) with local access, low privileges required, and no user interac...
CVE-2023-46708
CVE-2023-46708 affects OpenHarmony v3.2.4 and earlier. The issue is a use-after-free vulnerability that enables a local attacker to execute arbitrary code within apps. Mitigation: upgrade to a version newer than 3.2.4 (per PT-2024-13372 recommendations). Availability of exploit details in the pro...
CVE-2024-21826
OpenHarmony has a local-information-disclosure vulnerability (CVE-2024-21826) affecting v3.2.4 and earlier, attributed to insecure storage in the Huks component. A local attacker can access sensitive data due to improper storage protections. Remediation: upgrade to a version newer than 3.2.4; a t...
CVE-2025-20042
CVE-2025-20042 affects OpenHarmony v5.0.2 and earlier, with a local out-of-bounds read that leads to information disclosure. Root cause and exact vulnerable component are not specified in the connected documents; impact is indicated as high confidentiality risk, with local attacker, low privilege...
CVE-2025-22841
OpenHarmony CVE-2025-22841 affects OpenHarmony v5.0.2 and earlier, with a local out-of-bounds read that can lead to denial of service. This is documented across multiple feeds (NVD entry, Red Hat page, CVE listing) and classifies the impact as Availability (A) High for the attacker on the local v...
CVE-2025-23409
CVE-2025-23409 affects OpenHarmony v5.0.2 and earlier. The issue is a use-after-free in pre-installed apps that enables a local attacker to achieve arbitrary code execution in restricted scenarios. The primary cause is a use-after-free vulnerability in the affected software component. The documents...
CVE-2024-3759
CVE-2024-3759 affects OpenHarmony v4.0.0 and earlier. The vulnerability is a use-after-free in TCB that enables a local attacker to achieve arbitrary code execution. The available sources describe a local threat with high-impact implications (confidentiality, integrity, and availability could be ...
CVE-2025-21097
CVE-2025-21097 concerns OpenHarmony. Affected: OpenHarmony v5.0.2 and earlier. Description confirms a NULL pointer dereference vulnerability that can be exploited by a local attacker to cause a denial of service. The issue is described consistently across multiple feeds (NVD, Red Hat, CVE list...
CVE-2025-24309
CVE-2025-24309 affects OpenHarmony v5.0.2 and earlier. The vulnerability is an out-of-bounds write in the Arkcompiler Ets Runtime that enables a local attacker to execute arbitrary code within pre-installed apps, restricted to specific scenarios. CVSS details show a local, low-privilege, low-expl...
CVE-2025-27241
OpenHarmony vulnerability CVE-2025-27241 affects v5.0.3 and earlier, where a NULL pointer dereference can be exploited by a local attacker to cause a denial of service (DoS). The issue is documented across multiple feeds (e.g., Red Hat and CVE lists) with a local attack vector and low attack comp...
CVE-2024-10074
CVE-2024-10074 affects OpenHarmony v4.1.1 and earlier. A use-after-free memory issue allows a local attacker to elevate privileges, upgrading a standard permission to root. Root cause described as memory reuse after release. Impact is local, with high severity; CVSS vectors indicate local access ...
CVE-2025-20091
CVE-2025-20091 affects OpenHarmony v5.0.2 and earlier. The issue is a use-after-free in components used by pre-installed apps, enabling local arbitrary code execution in restricted scenarios. NVD notes a HIGH-severity, local exploitable vector with low attack complexity and no user interaction re...
CVE-2025-21089
CVE-2025-21089 affects OpenHarmony v5.0.2 and earlier. The vulnerability is an out-of-bounds read that allows a local attacker to cause a denial of service. The available sources consistently describe the impact as a local DoS via an out-of-bounds read, without detailing exploitation vectors, aff...
CVE-2025-22847
CVE-2025-22847 affects OpenHarmony v5.0.2 and earlier. It describes a local denial-of-service condition caused by an out-of-bounds read in Arkcompiler Ets Runtime. Public documentation confirms the vulnerability details, including impact to availability and the local attack vector, but there are ...
CVE-2025-25052
OpenHarmony vulnerability CVE-2025-25052 affects OpenHarmony v5.0.3 and earlier. A buffer overflow in arkcompiler_ets_runtime can allow a local attacker to cause a Denial of Service. In practice, the issue is mitigated by upgrading to a version newer than 5.0.3 (per PT-2025-19891). Several source...
CVE-2025-26691
OpenHarmony has a local information-leak vulnerability CVE-2025-26691 affecting v5.0.3 and earlier. The issue is triggered by a flaw in permission handling (reported as improper preservation of permissions in the telephony_call_manager context), enabling a local attacker to leak confidential data...
CVE-2024-22098
OpenHarmony: CVE-2024-22098 is a local use-after-free vulnerability in AVSession that allows arbitrary code execution in any app on OpenHarmony v3.2.4 and older. The root cause is use-after-free; impact is local and high (per CVSS, high for confidentiality, integrity, availability). No exploit de...
CVE-2025-0302
The CVE-2025-0302 entry concerns OpenHarmony, affected versions 4.1.2 and earlier. The vulnerability is described as an integer overflow that allows a local attacker to cause a Denial of Service. The available connected documents corroborate the local-exploit vector and the availability impact, b...
CVE-2025-23234
OpenHarmony CVE-2025-23234 affects v5.0.2 and earlier. The vulnerability is a local buffer overflow that allows a local attacker to cause a denial-of-service. The issue is described consistently across multiple sources (NVD entry and Red Hat/CVE references). No exploit details, affected versions ...
CVE-2025-27132
In OpenHarmony, CVE-2025-27132 describes an out-of-bounds write vulnerability that allows a local attacker to execute arbitrary code in pre-installed apps on OpenHarmony v5.0.3 and earlier. The issue stems from a faulty write operation in the affected component (as noted across multiple sources),...
CVE-2023-25176
CVE-2023-25176 affects OpenHarmony v3.2.4 and prior versions. The issue is an information leak via an out-of-bounds read in the pasteboard/local pathway, exploitable by a local attacker. Root cause: out-of-bounds read leading to confidentiality impact. Impact is described as informati...
CVE-2025-20626
CVE-2025-20626 affects OpenHarmony v5.0.2 and earlier. The reported issue is a use-after-free in the Arkcompiler Ets Runtime that allows a local attacker to execute arbitrary code within pre-installed apps, in restricted scenarios. NVD/AI-derived metrics indicate a high-impact potential for confi...
CVE-2025-22837
CVE-2025-22837 is a confirmed vulnerability in OpenHarmony 5.0.2 and earlier, where a NULL pointer dereference can be exploited locally to cause a denial of service. The NVD entry, Red Hat, the CVE list, and related feeds consistently describe a local DoS condition with a high impact on availabi...
CVE-2025-22897
OpenHarmony CVE-2025-22897 affects OpenHarmony v5.0.2 and earlier. The vulnerability is a buffer overflow in the Arkcompiler Ets Runtime that enables a local attacker to cause a Denial of Service. Metrics indicate a Local attack vector with low complexity and local privileges required; impact is...
CVE-2025-23418
CVE-2025-23418 affects OpenHarmony v5.0.2 and earlier. The issue is an out-of-bounds read in a component (OpenHarmony runtime) that enables a local attacker to cause a denial of service. The vulnerability is documented across multiple feeds (NVD/NVD mirror and Red Hat/CVE listings) with a local, ...
CVE-2025-24301
OpenHarmony vulnerability CVE-2025-24301 affects v5.0.2 and earlier, where a use-after-free in pre-installed apps enables local code execution by a restricted attacker. The issue is described as a local escalation/vector with a high impact (CVE metrics show local access, high confidentiality/inte...
CVE-2024-39816
OpenHarmony has a local, out-of-bounds write vulnerability in Arkcompiler Ets Runtime affecting v4.1.0 and earlier, enabling a local attacker to achieve arbitrary code execution in pre-installed apps. Root cause is described as an out-of-bounds write in the Ark eTS runtime. Affected component/fun...
CVE-2025-21098
OpenHarmony v5.0.2 and earlier are affected by CVE-2025-21098, where a local attacker can cause information disclosure via an out-of-bounds read that bypasses a permission check. The vulnerability targets the information flow path leading to confidentiality impact (HIGH) with local at...
CVE-2025-22443
CVE-2025-22443 affects OpenHarmony v5.0.2 and earlier. The issue is an out-of-bounds read in the runtime that can let a local attacker cause a denial of service. The available sources consistently describe the vulnerability as a local DOS due to an out-of-bounds read, but do not provide detailed ...
CVE-2023-22436
The CVE-2023-22436 entry describes a local UAF (Use-After-Free) vulnerability in the kernel subsystem function check_permission_for_set_tokenid affecting OpenHarmony v3.1.5 and earlier. Successful exploitation can escalate privileges to root. The issue is rooted in the kernel’s token-related pe...
CVE-2024-43697
CVE-2024-43697 affects OpenHarmony v4.1.0 and earlier. The issue is an improper input handling vulnerability that can allow a local attacker to cause a Denial of Service, impacting availability. The CVSS narrative from the sources shows local access, low attack complexity, and that no user intera...
CVE-2025-0587
OpenHarmony vulnerability CVE-2025-0587 affects OpenHarmony v5.0.2 and earlier, where an integer overflow in pre-installed apps enables local arbitrary code execution under restricted conditions. The issue’s root cause is the integer overflow; impact is local code execution with high confidential...
CVE-2025-22835
CVE-2025-22835 affects OpenHarmony v5.0.2 and earlier. The vulnerability is an out-of-bounds write in Arkcompiler Ets Runtime, allowing a local attacker to achieve arbitrary code execution in pre-installed applications, with exploitation possible only in restricted scenarios. The connected docume...
CVE-2023-46705
OpenHarmony vulnerability CVE-2023-46705 affects OpenHarmony v3.2.2 and earlier. A local attacker can trigger a type confusion to leak system information. The issue is described as a local, low-privilege condition with high confidentiality impact; no exploitation vector details are provided in th...
CVE-2024-21816
CVE-2024-21816 – OpenHarmony local information disclosure. Multiple connected sources confirm that OpenHarmony v4.0.0 and earlier are affected by an improper preservation of permissions in the Background Task Manager, enabling a local attacker to leak information. Affected component is the permi...
CVE-2024-22092
OpenHarmony v3.2.4 and earlier are affected by a remote authentication bypass that allows installing apps without proper permission checks, though user action is required. This is a high-severity issue (CVSS-like impact: high for integrity and confidentiality in some vectors) with pot...
CVE-2024-28951
Summary: CVE-2024-28951 affects OpenHarmony v4.0.0 and earlier and is described as a local use-after-free vulnerability in the Arkcompiler runtime that allows arbitrary code execution in pre-installed apps. The vulnerability is local, requires privileges, and has a high impact on confidentiality,...
CVE-2024-29086
CVE-2024-29086 affects OpenHarmony v3.2.4 and earlier. The issue is a local, stack-overflow–driven denial of service in the Arkcompiler runtime, enabling a local attacker to cause a DoS. Root cause identified as a stack overflow. Mitigation: upgrade to a version that contains a fix (no exact patc...
CVE-2025-20024
OpenHarmony CVE-2025-20024 affects v5.0.2 and earlier. The issue is an integer overflow in pre-installed apps that allows a local attacker to achieve arbitrary code execution in restricted scenarios. Documented impact is local, with low to moderate overall severity across sources, and there is no...
CVE-2025-21082
CVE-2025-21082 affects OpenHarmony v5.0.3 and earlier, with a type confusion vulnerability in the arkui_ace_engine that can cause local apps to crash. The issue is described as a local, low-privilege, low-complexity condition with availability impact (crash) and no confidentiality/integrity impac...