|OpenHarmony-SA-2023-0201 | CVE-2023-0083 | The ArkUI framework subsystem does not check the input parameter, causing type confusion and invalid memory access.| Local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. | 4.0 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS|arkui_ace_engine|[3.1.x](https://gitee.com/openharmony/arkui_ace_engine/pulls/8872)<br/>[3.0.x](https://gitee.com/openharmony/arkui_ace_engine/pulls/8877)|Reported by researchers|
|OpenHarmony-SA-2023-0202 | CVE-2023-22301 | The kernel subsystem hmdfs has an arbitrary memory access vulnerability. | Network attackers can launch a remote attack to obtain kernel memory data of the target system. | 6.5 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release|kernel_linux_5.10|[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/656)|Reported by researchers|
|OpenHarmony-SA-2023-0203 | CVE-2023-22436 | The kernel subsystem function check_permission_for_set_tokenid has a use-after-free (UAF) vulnerability. | Local attackers can exploit this vulnerability to escalate privileges to root. | 7.8 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release|kernel_linux_5.10|[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/598)|Reported by researchers|
### The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third parties.

| CVE | Severity | Affected OpenHarmony Versions | Fix Link |
| --- | --- | --- | --- |
| CVE-2022-2347 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/third_party_u-boot/pulls/62)<br/>[3.0.x](https://gitee.com/openharmony/third_party_u-boot/pulls/63) |
| CVE-2022-4135 | Critical|OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4186 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4438 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4437 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4436 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-41218 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-3424 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-4129 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-42328 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-3643 | Critical|OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-3105 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3104 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3115 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3113 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3112 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3111 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/584)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/585) |
| CVE-2022-3108 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-3107 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/590)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/591) |
| CVE-2022-3106 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/592)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/593) |
| CVE-2022-47519 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-43551 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br/>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS|[3.1.x](https://gitee.com/openharmony/third_party_curl/pulls/99)<br/>[3.0.x](https://gitee.com/openharmony/third_party_curl/pulls/100)<br/>[1.1.x](https://gitee.com/openharmony/third_party_curl/pulls/101) |
| CVE-2022-43552 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br/>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS|[3.1.x](https://gitee.com/openharmony/third_party_curl/pulls/99)<br/>[3.0.x](https://gitee.com/openharmony/third_party_curl/pulls/100)<br/>[1.1.x](https://gitee.com/openharmony/third_party_curl/pulls/101) |
| CVE-2022-47518 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-47520 | Low |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-47521 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-3109 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br/>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS|[3.1.x](https://gitee.com/openharmony/third_party_ffmpeg/pulls/71)<br/>[3.0.x](https://gitee.com/openharmony/third_party_ffmpeg/pulls/72)<br/>[1.1.x](https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/18)|
| CVE-2022-4662 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/608)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/609) |
| CVE-2022-3890 | Critical|OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-20568 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/629)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/630) |