security bulletin in December 2022

Signed-off-by: N louis.liuxu <louis.liuxu@huawei.com>

security bulletin in December 2022
Signed-off-by: N louis.liuxu <louis.liuxu@huawei.com>
3698bdfc · louis.liuxu · 6751c5a6 · 3698bdfc · 3698bdfc · 3698bdfc
4 changed file
--- a/en/security-disclosure/2022/2022-12.md
+++ b/en/security-disclosure/2022/2022-12.md
+## Security Vulnerabilities in December 2022
+_published December 6,2022_<br/>
+_updated December 6,2022_
+
+| Vulnerability ID | related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | affected versions | affected projects| fix link | reference |
+| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | ------- |
+|OpenHarmony-SA-2022-1201 | CVE-2022-45877 | PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | Network attackers can bypass the authentication, which reduces the difficulty of man-in-the-middle attacks. | 8.3 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release|distributedhardware_device_manager<br/>applications_hap<br/>security_device_auth|[3.1.x](https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915)<br/>[3.1.x](https://gitee.com/openharmony/applications_hap/pulls/1364)<br/>[3.1.x](https://gitee.com/openharmony/security_device_auth/pulls/351)|Reported by OpenHarmony Team|
+|OpenHarmony-SA-2022-1202 | CVE-2022-41802 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. | 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. | 4.0 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br/>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS|kernel_liteos_a|[3.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1065)<br/>[3.0.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1066)<br/>[1.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1075) |Reported by Researchers|
+|OpenHarmony-SA-2022-1203 | CVE-2022-45126 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. | 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. | 4.0 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br/>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS|kernel_liteos_a|[3.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1065)<br/>[3.0.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1066)<br/>[1.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1075) |Reported by Researchers|
+|OpenHarmony-SA-2022-1204 | CVE-2022-43662 | Kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. | 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. | 4.0 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br/>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS|kernel_liteos_a|[3.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1065)<br/>[3.0.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1066)<br/>[1.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1075) |Reported by Researchers|
+|OpenHarmony-SA-2022-1205 | CVE-2022-44455 | The appspawn and nwebspawn services were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. | An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash. | 6.8 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS|startup_appspawn|[3.1.x](https://gitee.com/openharmony/startup_appspawn/pulls/361)<br/>[3.0.x](https://gitee.com/openharmony/startup_appspawn/pulls/426) |Reported by OpenHarmony Team|
+|OpenHarmony-SA-2022-1206 | CVE-2022-45118 | Telephony in communication subsystem sends public events with personal data, but the permission is not set. | Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.| 6.2 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release|telephony_state_registry<br/>telephony_sms_mms|[3.1.x](https://gitee.com/openharmony/telephony_state_registry/pulls/224)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/615) |Reported by OpenHarmony Team|
+
+### The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
+| CVE | severity | affected OpenHarmony versions | fix link |
+| --- | -------- | ---------------------- | ------- |
+| CVE-2022-20422 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-3303  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-42703 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-41222 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-3239  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-20423 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-41850 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-3586  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3625  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-42432 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3633  | Low |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3635  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3629  | Low |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3623  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3646  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3621  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3567  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-43750 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3545  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3523  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-2602  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3628  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-40768 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3566  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3577  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3606  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3649  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3564  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-20409 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-41849 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-20421 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3435  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-42719 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-42720 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-42721 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-42722 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-41674 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3535  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3521  | Low |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3524  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3534  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3542  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release                                                | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)                                                                     |
+| CVE-2022-3565  | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3594  | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
--- a/en/security-disclosure/README.md
+++ b/en/security-disclosure/README.md
@@ -3,6 +3,7 @@
 This document describes the security vulnerabilities of OpenHarmony.

 ## Security Vulnerabilities in 2022
+**[Security Vulnerabilities in December](https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md)**  
 **[Security Vulnerabilities in November](https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md)**  
 **[Security Vulnerabilities in October](https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md)**  
 **[Security Vulnerabilities in September](https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md)**  

--- a/zh/security-disclosure/2022/2022-12.md
+++ b/zh/security-disclosure/2022/2022-12.md
+## 2022年12月安全漏洞
+_发布于2022.12.06_<br/>
+_最后更新于2022.12.06_
+
+| 漏洞编号 | 相关漏洞 | 漏洞描述 | 漏洞影响 | CVSS3.1基础得分 | 受影响的版本 | 受影响的仓库 | 修复链接 | 参考链接 |
+| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | ------- |
+|OpenHarmony-SA-2022-1201 | CVE-2022-45877 | 跨设备认证中pin码会明文传输到对端设备进行校验，会降低中间人攻击的难度。 | 攻击者可在局域网发起攻击，绕过权限管控机制，降低中间人攻击的难度。| 8.3 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release|distributedhardware_device_manager<br/>applications_hap<br/>security_device_auth|[3.1.x](https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915)<br/>[3.1.x](https://gitee.com/openharmony/applications_hap/pulls/1364)<br/>[3.1.x](https://gitee.com/openharmony/security_device_auth/pulls/351)|本项目组上报|
+|OpenHarmony-SA-2022-1202 | CVE-2022-41802 | 内核子系统kernel_liteos_a中系统调用SysClockGetres存在泄漏内核栈的漏洞。 | 攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。| 4.0 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS<br/>OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS|kernel_liteos_a|[3.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1065)<br/>[3.0.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1066)<br/>[1.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1075) |研究者上报|
+|OpenHarmony-SA-2022-1203 | CVE-2022-45126 | 内核子系统kernel_liteos_a中系统调用SysClockGettime存在泄漏内核栈的漏洞。 | 攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。| 4.0 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS<br/>OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS|kernel_liteos_a|[3.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1065)<br/>[3.0.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1066)<br/>[1.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1075) |研究者上报|
+|OpenHarmony-SA-2022-1204 | CVE-2022-43662 | 内核子系统kernel_liteos_a中系统调用SysTimerGettime存在泄漏内核栈的漏洞。 | 攻击者可在本地发起攻击，导致编译器自动填充的4字节数据被误拷贝到用户空间，造成内核栈上泄漏4字节内容。| 4.0 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS<br/>OpenHarmony-v1.1.0-LTS到OpenHarmony-v1.1.5-LTS|kernel_liteos_a|[3.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1065)<br/>[3.0.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1066)<br/>[1.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1075) |研究者上报|
+|OpenHarmony-SA-2022-1205 | CVE-2022-44455 | appspawn and nwebspawn服务 对输入缺少校验，存在内存溢出漏洞。 | 攻击者可在本地发起攻击，恶意应用可以提升权限或造成应用崩溃。| 6.8 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.2-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS|startup_appspawn|[3.1.x](https://gitee.com/openharmony/startup_appspawn/pulls/361)<br/>[3.0.x](https://gitee.com/openharmony/startup_appspawn/pulls/426) |本项目组上报|
+|OpenHarmony-SA-2022-1206 | CVE-2022-45118 | 通信子系统telephony发送公共事件时带有个人数据，但缺少权限设置。 | 攻击者可在本地发起攻击，恶意应用可以无权限监听广播获取手机号、短信数据等信息。| 6.2 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release|telephony_state_registry<br/>telephony_sms_mms|[3.1.x](https://gitee.com/openharmony/telephony_state_registry/pulls/224)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/615) |本项目组上报|
+
+
+### 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
+| CVE | 严重程度 | 受影响的OpenHarmony版本 | 修复链接 |
+| --- | -------- | ---------------------- | ------- |
+| CVE-2022-20422 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-3303  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-42703 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-41222 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-3239  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-20423 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-41850 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
+| CVE-2022-3586  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3625  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-42432 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3633  | 低 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3635  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3629  | 低 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3623  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3646  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3621  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3567  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-43750 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3545  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3523  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-2602  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-3628  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
+| CVE-2022-40768 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3566  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3577  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3606  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3649  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-3564  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-20409 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
+| CVE-2022-41849 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-20421 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3435  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-42719 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-42720 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-42721 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-42722 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-41674 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3535  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3521  | 低 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3524  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3534  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3542  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release                                                  |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)                                                                        |
+| CVE-2022-3565  | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
+| CVE-2022-3594  | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.6-LTS |  [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) <br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
--- a/zh/security-disclosure/README.md
+++ b/zh/security-disclosure/README.md
@@ -3,6 +3,7 @@
 本文档主要发布OpenHarmony软件的安全漏洞公告。

 ## 2022年安全漏洞
+**[2022年12月安全漏洞](https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2022/2022-12.md)**  
 **[2022年11月安全漏洞](https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2022/2022-11.md)**  
 **[2022年10月安全漏洞](https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2022/2022-10.md)**  
 **[2022年9月安全漏洞](https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2022/2022-09.md)**