|OpenHarmony-SA-2022-1201 | CVE-2022-45877 | The PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | Network attackers can bypass the authentication, which reduces the difficulty of man-in-the-middle attacks. | 8.3 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release|distributedhardware_device_manager<br/>applications_hap<br/>security_device_auth|[3.1.x](https://gitee.com/openharmony/distributedhardware_device_manager/pulls/915)<br/>[3.1.x](https://gitee.com/openharmony/applications_hap/pulls/1364)<br/>[3.1.x](https://gitee.com/openharmony/security_device_auth/pulls/351)|Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-1202 | CVE-2022-41802 | The kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. | 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | 4.0 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br/>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS|kernel_liteos_a|[3.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1065)<br/>[3.0.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1066)<br/>[1.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1075) |Reported by Researchers|
|OpenHarmony-SA-2022-1203 | CVE-2022-45126 | The kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGettime. | 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | 4.0 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br/>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS|kernel_liteos_a|[3.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1065)<br/>[3.0.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1066)<br/>[1.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1075) |Reported by Researchers|
|OpenHarmony-SA-2022-1204 | CVE-2022-43662 | The kernel subsystem in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysTimerGettime. | 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked. | 4.0 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS<br/>OpenHarmony-v1.1.0-LTS through OpenHarmony-v1.1.5-LTS|kernel_liteos_a|[3.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1065)<br/>[3.0.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1066)<br/>[1.1.x](https://gitee.com/openharmony/kernel_liteos_a/pulls/1075) |Reported by Researchers|
|OpenHarmony-SA-2022-1205 | CVE-2022-44455 | The appspawn and nwebspawn services were found to be vulnerable to a buffer overflow due to insufficient input validation. | An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause an application crash. | 6.8 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.2-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS|startup_appspawn|[3.1.x](https://gitee.com/openharmony/startup_appspawn/pulls/361)<br/>[3.0.x](https://gitee.com/openharmony/startup_appspawn/pulls/426) |Reported by OpenHarmony Team|
|OpenHarmony-SA-2022-1206 | CVE-2022-45118 | Telephony in communication subsystem sends public events with personal data, but the permission is not set. | Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.| 6.2 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release|telephony_state_registry<br/>telephony_sms_mms|[3.1.x](https://gitee.com/openharmony/telephony_state_registry/pulls/224)<br/>[3.1.x](https://gitee.com/openharmony/telephony_sms_mms/pulls/615) |Reported by OpenHarmony Team|
### The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.
| CVE | Severity | Affected OpenHarmony versions | Fix link |
| --- | --- | --- | --- |
| CVE-2022-20422 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
| CVE-2022-3303 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
| CVE-2022-42703 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
| CVE-2022-41222 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
| CVE-2022-3239 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
| CVE-2022-20423 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
| CVE-2022-41850 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/509)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/508)|
| CVE-2022-3586 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3625 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-42432 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3633 | Low |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3635 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3629 | Low |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3623 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3646 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3621 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3567 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-43750 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3545 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3523 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-2602 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-3628 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/541)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/537)|
| CVE-2022-40768 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
| CVE-2022-3566 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
| CVE-2022-3577 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
| CVE-2022-3606 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
| CVE-2022-3649 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
| CVE-2022-3564 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
| CVE-2022-20409 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/505)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/506)|
| CVE-2022-41849 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-20421 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-3435 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-42719 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-42720 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-42721 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-42722 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-41674 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-3535 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-3521 | Low |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-3524 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-3534 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-3542 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502) |
| CVE-2022-3565 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|
| CVE-2022-3594 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.3-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.6-LTS | [3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/502)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/503)|