Openharmony Security Vulnerabilities and Issues — Openharmony CVE List

Lucene search

OpenatomOpenharmony

33 matches found

CVE•added 2024/04/02 7:15 a.m.•59 views

CVE-2024-24581

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write.

7.8CVSS6.8AI score0.00073EPSS

CVE•added 2022/12/08 4:15 p.m.•57 views

CVE-2022-44455

The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the devi...

7.8CVSS7.4AI score0.00053EPSS

CVE•added 2024/05/07 7:15 a.m.•54 views

CVE-2024-27217

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.

7.8CVSS7.5AI score0.00078EPSS

CVE•added 2024/05/07 7:15 a.m.•53 views

CVE-2024-23808

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.

7.8CVSS7.6AI score0.00068EPSS

CVE•added 2024/05/07 7:15 a.m.•53 views

CVE-2024-3759

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.

7.8CVSS7.5AI score0.00097EPSS

CVE•added 2025/03/04 4:15 a.m.•52 views

CVE-2025-24309

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

7.8CVSS7.5AI score0.00023EPSS

CVE•added 2024/03/04 7:15 a.m.•51 views

CVE-2023-46708

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.

7.8CVSS5.2AI score0.00066EPSS

CVE•added 2025/03/04 4:15 a.m.•50 views

CVE-2025-23409

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

7.8CVSS7.5AI score0.00023EPSS

CVE•added 2025/03/04 4:15 a.m.•49 views

CVE-2025-20091

7.8CVSS7.5AI score0.0002EPSS

CVE•added 2025/03/04 4:15 a.m.•49 views

CVE-2025-20626

7.8CVSS7.5AI score0.0002EPSS

CVE•added 2025/03/04 4:15 a.m.•49 views

CVE-2025-23414

7.8CVSS7.7AI score0.00023EPSS

CVE•added 2025/03/04 4:15 a.m.•49 views

CVE-2025-24301

7.8CVSS7.5AI score0.00023EPSS

CVE•added 2025/03/04 4:15 a.m.•48 views

CVE-2025-0587

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.

7.8CVSS7.5AI score0.0002EPSS

CVE•added 2025/03/04 4:15 a.m.•48 views

CVE-2025-21084

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios.

7.8CVSS7.5AI score0.00023EPSS

CVE•added 2025/03/04 4:15 a.m.•48 views

CVE-2025-23240

7.8CVSS7.5AI score0.00023EPSS

CVE•added 2025/05/06 9:15 a.m.•48 views

CVE-2025-27132

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

7.8CVSS7.5AI score0.0002EPSS

CVE•added 2024/04/02 7:15 a.m.•47 views

CVE-2024-22092

in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action.

7.7CVSS7.5AI score0.00169EPSS

CVE•added 2024/05/07 7:15 a.m.•47 views

CVE-2024-3758

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.

7.8CVSS7.6AI score0.00087EPSS

CVE•added 2025/03/04 4:15 a.m.•47 views

CVE-2025-22835

7.8CVSS7.5AI score0.00023EPSS

CVE•added 2024/04/02 7:15 a.m.•46 views

CVE-2024-28951

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.

7.8CVSS5.9AI score0.0007EPSS

CVE•added 2025/03/04 4:15 a.m.•43 views

CVE-2025-23420

7.8CVSS7.5AI score0.00023EPSS

CVE•added 2023/01/09 3:15 a.m.•41 views

CVE-2023-0035

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

7.8CVSS7.1AI score0.00008EPSS

CVE•added 2024/02/02 7:15 a.m.•41 views

CVE-2024-21845

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.

7.8CVSS7.7AI score0.00032EPSS

CVE•added 2023/01/09 3:15 a.m.•40 views

CVE-2022-43662

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

7.8CVSS5.8AI score0.0003EPSS

CVE•added 2023/03/10 11:15 a.m.•39 views

CVE-2023-22436

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

7.8CVSS7.6AI score0.00035EPSS

CVE•added 2024/09/02 5:15 a.m.•39 views

CVE-2024-39775

in OpenHarmony v4.1.0 and prior versions allow a remote attacker cause information leak through out-of-bounds Read.

7.5CVSS6.5AI score0.00145EPSS

CVE•added 2023/03/10 11:15 a.m.•36 views

CVE-2023-22301

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.

7.5CVSS6.7AI score0.00064EPSS

CVE•added 2024/02/02 7:15 a.m.•36 views

CVE-2024-21851

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause heap overflow through integer overflow.

7.8CVSS7.7AI score0.00032EPSS

CVE•added 2023/11/20 12:15 p.m.•34 views

CVE-2023-3116

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions.

7.3CVSS6.8AI score0.00021EPSS

CVE•added 2023/01/09 3:15 a.m.•33 views

CVE-2023-0036

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

7.8CVSS7.1AI score0.00008EPSS

CVE•added 2023/11/20 12:15 p.m.•33 views

CVE-2023-6045

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.

7.8CVSS6.7AI score0.00026EPSS

CVE•added 2022/09/09 3:15 p.m.•32 views

CVE-2022-36423

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.

7.4CVSS7.5AI score0.00105EPSS

CVE•added 2023/01/09 3:15 a.m.•30 views

CVE-2022-45126

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

7.8CVSS5.8AI score0.0003EPSS