PT-2023-18495 · Unknown · Openharmony
Published
2023-03-10
·
Updated
2024-09-09
·
CVE-2023-22436
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenHarmony versions prior to 3.1.5
Description
The issue is related to a Use After Free (UAF) vulnerability in the kernel subsystem function
check permission for set tokenid(). This vulnerability can be exploited by local attackers to escalate privileges to root.Recommendations
For versions prior to 3.1.5, update to a version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use After Free
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openharmony