Skip to content

S
Security

OpenHarmony / Security
9 个月 前同步成功

通知 3
Star 22
Fork 0
S
Security

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

未验证 提交 ca3ff0c3 编写于 作者: M mamingshuai 提交者: Gitee
浏览文件
操作

!24 新增2023年02月安全公告 

Merge pull request !24 from louis.liuxu/master
上级 06e81c8e 84073eb0
隐藏空白更改
内联 并排
Showing with 89 addition and 0 deletion
en/security-disclosure/2023/2023-02.md 0 → 100644
浏览文件 @ ca3ff0c3
## Security Vulnerabilities in Feburary 2023
_published Feburary 3,2023_<br/>
_updated Feburary 3,2023_
| Vulnerability ID | related Vulnerability | Vulnerability Description | Vulnerability Impact | CVSS3.1 Base Score | affected versions | affected projects| fix link | reference |
| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | ------- |
|OpenHarmony-SA-2023-0201 | CVE-2023-0083 | The ArkUI framework subsystem doesn't check the input parameter,causing type confusion and invalid memory access.| Local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. | 4.0 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS|arkui_ace_engine|[3.1.x](https://gitee.com/openharmony/arkui_ace_engine/pulls/8872)<br/>[3.0.x](https://gitee.com/openharmony/arkui_ace_engine/pulls/8877)|Reported by researchers|
|OpenHarmony-SA-2023-0202 | CVE-2023-22301 | The kernel subsystem hmdfs has a arbitrary memory accessing vulnerability. | Network attackers can launch a remote attack to obtain kernel memory data of the target system. | 6.5 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release|kernel_linux_5.10|[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/656)|Reported by researchers|
|OpenHarmony-SA-2023-0203 | CVE-2023-22436 | The kernel subsystem function check_permission_for_set_tokenid has an UAF vulnerability. | Local attackers can exploit this vulnerability to escalate the privilege to root. | 7.8 |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release|kernel_linux_5.10|[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/598)|Reported by researchers|
### The following table lists the third-party library vulnerabilities with only the CVE, severity, and affected OpenHarmony versions provided. For more details, see the security bulletins released by third-parties.
| CVE | severity | affected OpenHarmony versions | fix link |
| --- | -------- | ---------------------- | ------- |
| CVE-2022-2347 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/third_party_u-boot/pulls/62)<br/>[3.0.x](https://gitee.com/openharmony/third_party_u-boot/pulls/63) |
| CVE-2022-4135 | Critical|OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4186 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4438 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4437 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4436 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-41218 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-3424 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-4129 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-42328 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-3643 | Critical|OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-3105 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3104 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3115 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3113 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3112 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3111 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/584)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/585) |
| CVE-2022-3108 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-3107 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/590)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/591) |
| CVE-2022-3106 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/592)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/593) |
| CVE-2022-47519 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-43551 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br/>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS|[3.1.x](https://gitee.com/openharmony/third_party_curl/pulls/99)<br/>[3.0.x](https://gitee.com/openharmony/third_party_curl/pulls/100)<br/>[1.1.x](https://gitee.com/openharmony/third_party_curl/pulls/101) |
| CVE-2022-43552 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br/>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS|[3.1.x](https://gitee.com/openharmony/third_party_curl/pulls/99)<br/>[3.0.x](https://gitee.com/openharmony/third_party_curl/pulls/100)<br/>[1.1.x](https://gitee.com/openharmony/third_party_curl/pulls/101) |
| CVE-2022-47518 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-47520 | Low |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-47521 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-3109 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS<br/>OpenHarmony-v1.1.0-Release through OpenHarmony-v1.1.5-LTS|[3.1.x](https://gitee.com/openharmony/third_party_ffmpeg/pulls/71)<br/>[3.0.x](https://gitee.com/openharmony/third_party_ffmpeg/pulls/72)<br/>[1.1.x](https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/18)|
| CVE-2022-4662 | Medium |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/608)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/609) |
| CVE-2022-3890 | Critical|OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-20568 | High |OpenHarmony-v3.1-Release through OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS through OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/629)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/630) |
\ No newline at end of file
en/security-disclosure/README.md
浏览文件 @ ca3ff0c3
......@@ -2,6 +2,7 @@
This document describes the security vulnerabilities of OpenHarmony.
## Security Vulnerabilities in 2023
**[Security Vulnerabilities in Feburary](https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md)**
**[Security Vulnerabilities in January](https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-01.md)**
## Security Vulnerabilities in 2022
......
zh/security-disclosure/2023/2023-02.md 0 → 100644
浏览文件 @ ca3ff0c3
## 2023年02月安全漏洞
_发布于2022.02.07_<br/>
_最后更新于2022.02.07_
| 漏洞编号 | 相关漏洞 | 漏洞描述 | 漏洞影响 | CVSS3.1基础得分 | 受影响的版本 | 受影响的仓库 | 修复链接 | 参考链接 |
| -------- |-------- | -------- | -------- | ----------- | ----------- | -------- | ------- | ------- |
|OpenHarmony-SA-2023-0201 | CVE-2023-0083 | ArkUI框架子系统未对入参进行类型检查导致类型混淆,造成访问非法内存。 | 攻击者可在本地内发起攻击,造成当前应用崩溃。| 4.0 |OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS 到 OpenHarmony-v3.0.7-LTS|arkui_ace_engine|[3.1.x](https://gitee.com/openharmony/arkui_ace_engine/pulls/8872)<br/>[3.0.x](https://gitee.com/openharmony/arkui_ace_engine/pulls/8877)|研究员上报|
|OpenHarmony-SA-2023-0202 | CVE-2023-22301 | 内核子系统中hmdfs存在内核任意内存越界读漏洞。 | 攻击者可发起远程攻击,可获取目标系统的内核内存数据。| 6.5 |OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.5-Release|kernel_linux_5.10|[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/656)|研究员上报|
|OpenHarmony-SA-2023-0203 | CVE-2023-22436 | 内核子系统中check_permission_for_set_tokenid函数中存在UAF漏洞。 | 本地攻击者利用该漏洞攻击可以权限提升,获得root权限。| 7.8 |OpenHarmony-v3.1-Release 到 OpenHarmony-v3.1.5-Release|kernel_linux_5.10|[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/598)|研究员上报|
### 以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本,详细信息请参考三方公告。
| CVE | 严重程度 | 受影响的OpenHarmony版本 | 修复链接 |
| --- | -------- | ---------------------- | ------- |
| CVE-2022-2347 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/third_party_u-boot/pulls/62)<br/>[3.0.x](https://gitee.com/openharmony/third_party_u-boot/pulls/63) |
| CVE-2022-4135 | 严重|OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4186 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4438 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4437 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-4436 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-41218 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-3424 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-4129 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-42328 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-3643 | 严重|OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/646)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/647) |
| CVE-2022-3105 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3104 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3115 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3113 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3112 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/579)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/580) |
| CVE-2022-3111 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/584)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/585) |
| CVE-2022-3108 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-3107 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/590)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/591) |
| CVE-2022-3106 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/592)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/593) |
| CVE-2022-47519 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-43551 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS<br/>OpenHarmony-v1.1.0-Release到OpenHarmony-v1.1.5-LTS|[3.1.x](https://gitee.com/openharmony/third_party_curl/pulls/99)<br/>[3.0.x](https://gitee.com/openharmony/third_party_curl/pulls/100)<br/>[1.1.x](https://gitee.com/openharmony/third_party_curl/pulls/101) |
| CVE-2022-43552 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS<br/>OpenHarmony-v1.1.0-Release到OpenHarmony-v1.1.5-LTS|[3.1.x](https://gitee.com/openharmony/third_party_curl/pulls/99)<br/>[3.0.x](https://gitee.com/openharmony/third_party_curl/pulls/100)<br/>[1.1.x](https://gitee.com/openharmony/third_party_curl/pulls/101) |
| CVE-2022-47518 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-47520 | 低 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-47521 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.4-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/586)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/587) |
| CVE-2022-3109 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS<br/>OpenHarmony-v1.1.0-Release到OpenHarmony-v1.1.5-LTS|[3.1.x](https://gitee.com/openharmony/third_party_ffmpeg/pulls/71)<br/>[3.0.x](https://gitee.com/openharmony/third_party_ffmpeg/pulls/72)<br/>[1.1.x](https://gitee.com/openharmony/device_hisilicon_third_party_ffmpeg/pulls/18)|
| CVE-2022-4662 | 中 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/608)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/609) |
| CVE-2022-3890 | 严重|OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release |[3.1.x](https://gitee.com/openharmony/web_webview/pulls/546) |
| CVE-2022-20568 | 高 |OpenHarmony-v3.1-Release到OpenHarmony-v3.1.5-Release<br/>OpenHarmony-v3.0-LTS到OpenHarmony-v3.0.7-LTS |[3.1.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/629)<br/>[3.0.x](https://gitee.com/openharmony/kernel_linux_5.10/pulls/630) |
\ No newline at end of file
zh/security-disclosure/README.md
浏览文件 @ ca3ff0c3
......@@ -2,6 +2,7 @@
本文档主要发布OpenHarmony软件的安全漏洞公告。
## 2023年安全漏洞
**[2023年02月安全漏洞](https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-02.md)**
**[2023年01月安全漏洞](https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-01.md)**
## 2022年安全漏洞
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册