Vulnerabilities > CVE-2022-41686 - Out-of-bounds Write vulnerability in multiple products

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

local

low complexity

openharmony

openatom

CWE-787

NVD

Published: 2022-10-14

Updated: 2024-09-09

Summary

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

Vulnerable Configurations

Part	Description	Count
Application	Openharmony Openharmony Openharmony *	1
OS	Openatom Openatom Openharmony 3.1 Openatom Openharmony 3.1.1 Openatom Openharmony 3.1.2	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md