PT-2022-26447 · Unknown · Openharmony

Published: 2022-10-14 · Updated: 2022-10-18 · CVE-2022-42464

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenHarmony versions 3.1.2 and prior
OpenHarmony versions 3.0.6 and prior

Description

The issue is a kernel memory pool override vulnerability in the /dev/mmz userdev device driver. The impact depends on the privileges of the attacker. An unprivileged process could disclose sensitive information, including kernel pointers, which could be used in further attacks. Processes with the system user UID could mmap memory pools used by the kernel and override them, potentially gaining kernel code execution or root privileges, or causing a device reboot.

Recommendations

For OpenHarmony versions 3.1.2 and prior, and for OpenHarmony versions 3.0.6 and prior, consider restricting access to the /dev/mmz userdev device driver to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2022-42464

Affected Products: Openharmony