PT-2022-26446 · Unknown · Openharmony

Published: 2022-10-14 · Updated: 2022-10-17 · CVE-2022-42463

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2

Description: The issue is related to an authentication bypass vulnerability in the callback handler function of Softbus server in the communication subsystem. Attackers can exploit this by sending Bluetooth rfcomm packets to any remote device, allowing them to execute arbitrary commands on distributed networks.

Recommendations: For OpenHarmony versions prior to 3.1.2, as a temporary workaround, consider disabling the callback handler function of Softbus server in the communication subsystem until a patch is available. Restrict access to the Softbus server to minimize the risk of exploitation. Avoid using the vulnerable function to handle Bluetooth rfcomm packets until the issue is resolved.

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2022-42463

Affected Products: Openharmony