Vulnerabilities > CVE-2022-45126 - Out-of-bounds Write vulnerability in Openharmony

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

openharmony

CWE-787

NVD

Published: 2023-01-09

Updated: 2023-01-12

Summary

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Vulnerable Configurations

Part	Description	Count
Application	Openharmony Openharmony Openharmony 3.0 Openharmony Openharmony 3.0.6 Openharmony Openharmony 1.1.0 Openharmony Openharmony 1.1.5 Openharmony Openharmony 3.1.1 Openharmony Openharmony 3.1.2 Openharmony Openharmony 3.1.4	8

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md