156 matches found
CVE-2025-21098
OpenHarmony OpenHarmony v5.0.2 and earlier are affected by CVE-2025-21098, where a local attacker can cause information disclosure via an out-of-bounds read that bypasses a permission check. The vulnerability targets the information flow path leading to confidentiality impact (HIGH) with local at...
CVE-2025-22443
CVE-2025-22443 affects OpenHarmony v5.0.2 and earlier. The issue is an out-of-bounds read in the runtime that can let a local attacker cause a denial of service. The available sources consistently describe the vulnerability as a local DOS due to an out-of-bounds read, but do not provide detailed ...
CVE-2025-24301
OpenHarmony vulnerability CVE-2025-24301 affects v5.0.2 and earlier, where a use-after-free in pre-installed apps enables local code execution by a restricted attacker. The issue is described as a local escalation/vector with a high impact (CVE metrics show local access, high confidentiality/inte...
CVE-2025-27132
In OpenHarmony, CVE-2025-27132 describes an out-of-bounds write vulnerability that allows a local attacker to execute arbitrary code in pre-installed apps on OpenHarmony v5.0.3 and earlier. The issue stems from a faulty write operation in the affected component (as noted across multiple sources),...
CVE-2023-47217
OpenHarmony is affected by CVE-2023-47217 in v3.2.2 and earlier, where a buffer overflow can enable a local attacker to cause a denial of service. The root cause is a buffer overflow in the vulnerable component; exact vulnerable module/function is not specified in the provided documents. Impact i...
CVE-2024-28951
Summary: CVE-2024-28951 affects OpenHarmony v4.0.0 and earlier and is described as a local-use-after-free vulnerability in the Arkcompiler runtime that allows arbitrary code execution in pre-installed apps. The vulnerability is local, requires privileges, and has a high impact on confidentiality,...
CVE-2024-39816
OpenHarmony has a local, out-of-bounds write vulnerability in Arkcompiler Ets Runtime affecting v4.1.0 and earlier, enabling a local attacker to achieve arbitrary code execution in pre-installed apps. Root cause is described as an out-of-bounds write in the Ark eTS runtime. Affected component/fun...
CVE-2024-43697
CVE-2024-43697 affects OpenHarmony v4.1.0 and earlier. The issue is an improper input handling vulnerability that can allow a local attacker to cause a Denial of Service, impacting availability. The CVSS narrative from the sources shows local access, low attack complexity, and that no user intera...
CVE-2025-0587
OpenHarmony vulnerability CVE-2025-0587 affects OpenHarmony v5.0.2 and earlier, where an integer overflow in pre-installed apps enables local arbitrary code execution under restricted conditions. The issue’s root cause is the integer overflow; impact is local code execution with high confidential...
CVE-2025-21082
CVE-2025-21082 affects OpenHarmony v5.0.3 and earlier, with a type confusion vulnerability in the arkui_ace_engine that can cause local apps to crash. The issue is described as a local, low-privilege, low-complexity condition with availability impact (crash) and no confidentiality/integrity impac...
CVE-2024-22092
OpenHarmony OpenHarmony v3.2.4 and earlier are affected by a remote authentication bypass that allows installing apps without proper permission checks, though user action is required. This is a high-severity issue (CVSS-like impact: high for integrity and confidentiality in some vectors) with pot...
CVE-2024-41160
OpenHarmony affects OpenHarmony v4.1.0 and earlier. The CVE-2024-41160 vulnerability is described as a use-after-free that allows a local attacker to upgrade the common permission to root and leak sensitive information. The available documents confirm the affected software and the malicious outco...
CVE-2025-20063
OpenHarmony CVE-2025-20063 affects OpenHarmony v5.0.3 and earlier, with a type-confusion vulnerability in the arkui_ace_engine that can allow a local attacker to crash apps (availability impact). The CVSS indicates low attack complexity and local access; impact is high for availability. No specif...
CVE-2025-22452
OpenHarmony vulnerability CVE-2025-22452: A local out-of-bounds read allows a local attacker to cause a denial of service on OpenHarmony v5.0.2 and earlier. Affected component is not deeply detailed in the provided docs, but multiple sources corroborate the local DOS outcome due to an out-of-boun...
CVE-2025-22886
OpenHarmony vulnerability CVE-2025-22886 affects OpenHarmony v5.0.3 and earlier. The issue stems from missing release of memory in a component, enabling a local attacker to cause a Denial of Service. Affected scope is limited to local access; integrity and confidentiality are not impacted per ava...
CVE-2025-24304
CVE-2025-24304 affects OpenHarmony v5.0.2 and earlier. The issue is an out-of-bounds write that allows a local attacker to cause a denial of service. The available connected sources consistently describe the vulnerability as a local DOS via an out‑of‑bounds write, with no public exploitation deta...
CVE-2025-25218
The CVE-2025-25218 entry concerns OpenHarmony before and including v5.0.3 where a NULL pointer dereference allows a local attacker to cause a denial of service. The root cause is a NULL pointer dereference in the affected component, leading to a crash or DOS condition when exploited locally. Publ...
CVE-2024-21816
CVE-2024-21816 – OpenHarmony local information disclosure . Multiple connected sources confirm that OpenHarmony v4.0.0 and earlier are affected by an improper preservation of permissions in the Background Task Manager, enabling a local attacker to leak information. Affected component is the permi...
CVE-2024-36243
CVE-2024-36243 affects OpenHarmony Arkcompiler Ets Runtime in versions prior to 4.0.0 and 4.0.0 as baseline. The vulnerability is an out-of-bounds read/write that enables remote arbitrary code execution in pre-installed apps. Root cause details are described in related vulnerability records and P...
CVE-2024-47797
CVE-2024-47797 affects OpenHarmony v4.1.0 and earlier. A local attacker can exploit an out-of-bounds write to elevate privileges (normal user to root) and leak sensitive information. The vulnerability impacts confidentiality and, to a lesser extent, integrity/availability as described in the sour...
CVE-2025-27242
This CVE-2025-27242 affects OpenHarmony v5.0.3 and earlier, where an improper input handling vulnerability allows a local attacker to cause a denial of service. The root cause is input validation/handling weakness in the OpenHarmony security component (security_component_manager). Reported impact...
CVE-2025-27534
CVE-2025-27534 affects OpenHarmony v5.0.2 and earlier. The vulnerability is a local-denial-of-service caused by missing release of memory (memory not freed). Root cause: memory release issue leading to exhaustion under local access. Impact: denial of service when a local attacker triggers the con...
CVE-2024-22180
CVE-2024-22180 affects OpenHarmony versions prior to and including 4.0.0, where a local attacker can trigger a denial-of-service via a use-after-free vulnerability in a camera-related component. The root cause is a use-after-free scenario leading to resource exhaustion or crash, as described acro...
CVE-2024-41157
CVE-2024-41157 is a use-after-free vulnerability in OpenHarmony (LiteOS-A component) affecting OpenHarmony v4.1.0 and earlier. A local attacker can escalate privileges to root and leak sensitive information due to the use-after-free flaw. Exploitation details are not provided in the connected doc...
CVE-2024-47137
CVE-2024-47137 affects OpenHarmony v4.1.0 and earlier. The issue is an out-of-bounds write in the affected component that enables a local attacker to elevate privileges to root and cause a sensitive information leak. Publicly documented across multiple sources (NVD/Red Hat/CVE lists) confirm loca...
CVE-2025-20024
OpenHarmony CVE-2025-20024 affects v5.0.2 and earlier. The issue is an integer overflow in pre-installed apps that allows a local attacker to achieve arbitrary code execution in restricted scenarios. Documented impact is local, with low to moderate overall severity across sources, and there is no...
CVE-2023-22301
OpenHarmony OpenHarmony-v3.1.5 and earlier are affected by a vulnerability in the kernel subsystem hmdfs that allows arbitrary memory access. A network attacker could remotely obtain kernel memory data. Root cause: improper handling in hmdfs. Impact: kernel memory confidentiality exposure. Mitiga...
CVE-2024-37185
Technical details (affected products, exact components, root cause, versions, exploitability) are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.
CVE-2024-39806
CVE-2024-39806 affects OpenHarmony v4.1.0 and earlier, where an out-of-bounds read by a local attacker leads to information disclosure. The vulnerability concerns general OpenHarmony components vulnerable to info leak with a Local, Low-privilege attacker and Low attack complexity; Confidentiality...
CVE-2025-0303
CVE-2025-0303 affects OpenHarmony v4.1.2 and earlier. The issue is a local privilege escalation via a buffer overflow that lets an attacker upgrade a common permission to root and leak sensitive information. The available connected documents consistently describe a local attack vector with root-l...
CVE-2025-20011
CVE-2025-20011 is observed in OpenHarmony v5.0.2 and earlier versions. The issue is a local denial-of-service caused by a memory release/cleanup failure in the Dsoftbus/related components, per OpenHarmony disclosures and corroborated by multiple feeds. NVD lists impact as availability loss with a...
CVE-2025-20021
CVE-2025-20021 affects OpenHarmony v5.0.2 and earlier. The vulnerability is an out-of-bounds read that enables a local attacker to cause a denial-of-service. The available sources consistently describe a local-execution vector with the impact limited to availability (DOs) and do not provide explo...
CVE-2025-27131
CVE-2025-27131 affects OpenHarmony v5.0.3 and earlier. The issue is an improper input handling vulnerability in the kernel_liteos_m stack that enables a local attacker to cause a denial-of-service. The MITRE-style CVE entry lists a local attack vector with LOW privileges and LOW complexity, resul...
CVE-2024-47404
OpenHarmony v4.1.0 and earlier are affected by a local privilege-escalation and information-leak vulnerability caused by a double-free condition. The issue allows a local attacker to upgrade the common permission to root and leak sensitive data. Affected component details are reported across mult...
CVE-2024-21845
CVE-2024-21845 affects OpenHarmony up to and including v4.0.0. A local attacker can trigger a heap overflow due to an integer overflow in Dsoftbus-related functionality, as described in multiple sources. The vulnerability impact is described as high in CVSS terms, with local access required and n...
CVE-2025-23420
CVE-2025-23420 affects OpenHarmony v5.0.2 and earlier. The issue is an out-of-bounds write in pre-installed apps that enables a local attacker to execute arbitrary code, with exploitation described as occurring in restricted scenarios. The available sources consistently describe the vulnerability...
CVE-2025-24493
CVE-2025-24493 applies to OpenHarmony v5.0.3 and earlier, with a race-condition in the kernel that could allow a local attacker to leak information (confidentiality impact high). Public details consistently cite the issue and recommend upgrading to a fixed version, though the exact patched versio...
CVE-2023-0083
The CVE-2023-0083 issue affects the ArKUI framework subsystem in OpenHarmony v3.1.5 and earlier, and v3.0.7 and earlier. Root cause: improper input validation in the ArKUI component, which a local attacker can exploit by sending malicious data, leading to the target application crash (impact: ava...
CVE-2023-25947
The CVE-2023-25947 entry affects OpenHarmony v3.1.4 and earlier. The bundle management subsystem contains a null pointer reference that local attackers can exploit to cause a DoS when installing a malicious HAP package. The impact is a local DoS with availability loss; no confidentiality or integ...
CVE-2023-49135
OpenHarmony CVE-2023-49135 affects v3.2.2 and earlier. A local attacker can cause the multimedia player to crash by modifying a released pointer, indicating a use-after-free/pointer reuse issue in the multimedia component. The vulnerability originates from reusing pointers released from the multi...
CVE-2024-12082
OpenHarmony is affected by CVE-2024-12082 in v4.0.0 and earlier, where an out-of-bounds read leads to information leakage via local access. The root cause is an out-of-bounds read in vulnerable components; impact is confidentiality (information disclosure) with no integrity/availability impact st...
CVE-2024-39775
CVE-2024-39775 affects OpenHarmony v4.1.0 and earlier. The vulnerability is an out-of-bounds read that can lead to an information leak (confidentiality impact high as per the entry). Public exploitation details are not provided in the supplied documents. The issue is described across multiple sou...
CVE-2024-47398
The CVE-2024-47398 entry affects OpenHarmony v4.1.2 and earlier. It is an out-of-bounds write vulnerability that a local attacker can trigger to cause the device to fail to boot. Connected sources do not provide exploit details or a remediation in the supplied documents.
CVE-2024-47402
CVE-2024-47402 relates to OpenHarmony v4.0.0 and earlier, where a local attacker can cause a denial of service via an out-of-bounds read. The impact is described as DOS with local access; the exact vulnerable component is not explicitly identified in the provided documents. Mitigation appears to ...
CVE-2025-22842
OpenHarmony is affected: CVE-2025-22842 in v5.0.2 and earlier allows a local attacker to cause a denial of service via an out-of-bounds read. Exploitation details are not provided in the documents. A fix is available in newer versions; remediation is to upgrade to a version that contains the fix ...
CVE-2025-22851
CVE-2025-22851 affects OpenHarmony v5.0.2 and earlier; the issue is an integer overflow in pre-installed apps that enables local attackers to achieve arbitrary code execution. Affected component/versions are OpenHarmony pre-installed apps on v5.0.2 and older. The provided documents do not specify...
CVE-2025-25217
CVE-2025-25217 affects OpenHarmony v5.0.3 and older. The root cause is a NULL pointer dereference in arkui_ace_engine (OpenHarmony components) that allows a local attacker to cause a denial-of-service condition. The available sources consistently describe a local attack vector with DOS impact and...
CVE-2025-27563
OpenHarmony vulnerability CVE-2025-27563 affects OpenHarmony v5.0.3 and earlier. A local attacker can cause information leakage due to improper preservation of permissions when accessing the get permission. The issue is explicitly described across multiple sources as a local information leak with...
CVE-2023-0035
OpenHarmony you’re looking at: affected product OpenHarmony v3.0.5 and earlier, with the issue in the softbus_client_stub of the communication subsystem. The root cause is an authentication bypass that enables an “SA relay attack,” allowing a local attacker to bypass authentication and target oth...
CVE-2024-21851
CVE-2024-21851 affects OpenHarmony v4.0.0 and earlier, with a heap overflow caused by an integer overflow. The CVE description indicates the issue relates to Dsoftbus and is exploitable only locally (no user interaction required) with a low-privilege context; available exploit details are not pro...