MidnightBSD

Advisories for openatom

CVE-2021-33639

REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
openatom openeuler_kernel *
CVE-2022-36423

OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.8 4.0
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.8 4.0

Products Affected

Vendor Product Version
openharmony openharmony *
openatom openharmony *
CVE-2022-38701

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.5 3.6
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
openharmony openharmony *
openatom openharmony *
CVE-2022-41686

OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.5 2.5
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 1.8 2.5

Products Affected

Vendor Product Version
openharmony openharmony *
openatom openharmony *
CVE-2023-25176

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.4 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2023-46708

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 4.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L 2.5 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2023-49602

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 1.4 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-10074

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-12082

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-21816

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.5 1.4

Products Affected

Vendor Product Version
openatom openharmony 4.0
CVE-2024-21826

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 4.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N 2.5 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-21834

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-22092

in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 3.1 4.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-22098

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-22177

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through get permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-22180

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-23808

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L 2.0 2.7

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-24581

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution through out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-27217

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-28226

in OpenHarmony v4.0.0 and prior versions allow a remote attacker cause DOS through improper input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-28951

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony 4.0
CVE-2024-29074

in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-29086

in OpenHarmony v3.2.4 and prior versions allow a local attacker cause DOS through stack overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-31071

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-31078

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-36243

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 2.3 5.3

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-36260

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 2.3 5.3

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-36278

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-37030

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 2.3 5.3

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-37077

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 2.3 5.3

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-37185

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.2 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L 2.3 5.3

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-3757

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-3758

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-3759

in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-45070

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-47137

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 2.0 5.8

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-47398

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-47402

in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-47404

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 2.0 5.8

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-47797

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 2.0 5.8

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-54030

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 1.8 2.5

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2024-9978

in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-0302

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-0303

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-0304

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-20011

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-20021

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-20024

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-20042

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-20063

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-20081

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-20091

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-20102

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-20626

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-21082

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-21084

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through through NULL pointer dereference.. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-21089

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-21097

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-21098

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read bypass permission check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22443

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22452

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22835

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22837

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22841

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22842

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22847

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22851

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
scy@openharmony.io 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N 2.0 4.0

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22886

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-22897

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-23234

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-23235

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-23240

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-23409

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-23414

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-23418

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-23420

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-24298

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 2.0 5.8
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-24301

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-24304

in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-24309

in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 2.0 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-24493

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-24844

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-24925

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-25052

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-25057

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-25212

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-25217

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-25218

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-25277

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
scy@openharmony.io 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N 1.0 5.2

Products Affected

Vendor Product Version
openatom openharmony 5.0.3
openatom openharmony 5.1.0
CVE-2025-25278

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
scy@openharmony.io 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 2.0 5.8

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-26474

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony 5.0.3
CVE-2025-26690

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-26691

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-26693

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27128

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 2.0 5.8

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27131

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L 1.8 4.2

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27132

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L 2.0 1.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27241

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27242

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27247

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27248

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27534

in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27536

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27562

in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27563

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-27577

in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
scy@openharmony.io 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H 2.0 5.8

Products Affected

Vendor Product Version
openatom openharmony *
CVE-2025-41432

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony 5.0.3
openatom openharmony 5.1.0
CVE-2025-52458

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openatom openharmony 5.0.3
openatom openharmony 5.1.0
CVE-2025-6969

in OpenHarmony v5.1.0 and prior versions allow a local attacker cause DOS through improper input.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
scy@openharmony.io 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 1.3 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
openatom openharmony 5.0.3
openatom openharmony 5.1.0