3.1.2

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

local

low complexity

openharmony

CWE-787

NVD

Published: 2022-12-08

Updated: 2022-12-12

Summary

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Vulnerable Configurations

Part	Description	Count
Application	Openharmony Openharmony Openharmony 3.1 Openharmony Openharmony 3.1.1 Openharmony Openharmony 3.1.2 Openharmony Openharmony *	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md