CVE-2022-41686

MEDIUM

OpenHarmony-v3.1.2- prior - Memory Corruption

Title source: llm

Description

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

References (1)

Core 1

Core References

Third Party Advisory

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md

Scores

CVSS v3 5.1

EPSS 0.0006

EPSS Percentile 19.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125 CWE-787

Status published

Products (2)

openatom/openharmony 3.1 - 3.1.2

openharmony/openharmony 3.0 - 3.0.6

Published Oct 14, 2022

Tracked Since Feb 18, 2026