CVE-2024-41157

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.
Configurations

Configuration 1 (hide)

cpe:2.3:o:openatom:openharmony:*:*:*:*:*:*:*:*

History

04 Sep 2024, 16:30

Type Values Removed Values Added
CPE cpe:2.3:o:openatom:openharmony:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.8
First Time Openatom
Openatom openharmony
References () https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md - () https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md - Vendor Advisory

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) en OpenHarmony v4.1.0 y versiones anteriores se permite que un atacante local haga que el permiso común se actualice a superusuario y se filtre información confidencial mediante use after free.

02 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 05:15

Updated : 2024-09-04 16:30


NVD link : CVE-2024-41157

Mitre link : CVE-2024-41157

CVE.ORG link : CVE-2024-41157


JSON object : View

Products Affected

openatom

  • openharmony
CWE
CWE-416

Use After Free