CVE-2024-41160

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.
Configurations

Configuration 1 (hide)

cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*

History

09 Sep 2024, 12:21

Type Values Removed Values Added
CPE cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:* cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*
First Time Openatom
Openatom openharmony

04 Sep 2024, 12:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*
First Time Openharmony openharmony
Openharmony
References () https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md - () https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md - Permissions Required

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) en OpenHarmony v4.1.0 y versiones anteriores se permite que un atacante local haga que el permiso común se actualice a superusuario y se filtre información confidencial mediante use after free.

02 Sep 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 05:15

Updated : 2024-09-09 12:21


NVD link : CVE-2024-41160

Mitre link : CVE-2024-41160

CVE.ORG link : CVE-2024-41160


JSON object : View

Products Affected

openatom

  • openharmony
CWE
CWE-416

Use After Free