6 matches found
CVE-2024-31078
OpenHarmony suffers a local vulnerability (CVE-2024-31078) in v4.0.0 and earlier where a NULL pointer dereference can crash a service. The issue is described across multiple sources as a local attack leading to a service crash, with the OpenHarmony lineage prior to 4.0.0 implicated. Root cause de...
CVE-2024-23808
CVE-2024-23808 affects OpenHarmony up to v4.0.0 and earlier. The vulnerability allows a local attacker to execute arbitrary code in pre-installed apps via a use-after-free condition, or cause denial of service through a NULL pointer dereference. The available sources consistently describe the imp...
CVE-2024-3759
CVE-2024-3759 affects OpenHarmony v4.0.0 and earlier. The vulnerability is a use-after-free in TCB that enables a local attacker to achieve arbitrary code execution. The available sources describe a local threat with high-impact implications (confidentiality, integrity, and availability could be ...
CVE-2024-27217
The CVE-2024-27217 entry concerns OpenHarmony v4.0.0 and earlier, where a use-after-free vulnerability in pre-installed apps could allow a local attacker to achieve arbitrary code execution. • Affected product: OpenHarmony (version 4.0.0 and before). • Root cause: use-after-free in pre-installed ...
CVE-2024-3758
OpenHarmony CVE-2024-3758 affects OpenHarmony v4.0.0 and earlier. The vulnerability is a heap buffer overflow in the TCB that allows a local attacker to achieve arbitrary code execution. In practice, impact is local, with high confidentiality/integrity/availability concerns per the linked sources...
CVE-2024-3757
OpenHarmony shows a local integer overflow vulnerability (CVE-2024-3757) affecting v4.0.0 and earlier. The issue allows a local attacker to crash the service due to an overflow in a component used by Arkcompiler runtime, with no public exploit details provided in the sources. Affected versions: O...