CVE-2022-41686

Name of the Vulnerable Software and Affected Versions OpenHarmony versions 3.1.2 and prior OpenHarmony versions 3.0.6 and prior

Description The issue is related to an Out-of-bound memory read and write vulnerability in the /dev/mmz userdev device driver. The impact depends on the privileges of the attacker. An unprivileged process could read out-of-bound memory, leading to sensitive information disclosure. Processes with system user UID could write out-of-bound memory, potentially causing unspecified memory corruption.

Recommendations For OpenHarmony versions 3.1.2 and prior, consider restricting access to the /dev/mmz userdev device driver until a patch is available. For OpenHarmony versions 3.0.6 and prior, consider restricting access to the /dev/mmz userdev device driver until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.