in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.
History

Wed, 11 Dec 2024 04:15:00 +0000

Type Values Removed Values Added
First Time appeared Openatom
Openatom openharmony
CPEs cpe:2.3:o:openatom:openharmony:*:*:*:*:*:*:*:*
Vendors & Products Openatom
Openatom openharmony

Tue, 03 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Openharmony
Openharmony openharmony
CPEs cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*
Vendors & Products Openharmony
Openharmony openharmony
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 03 Dec 2024 12:45:00 +0000

Type Values Removed Values Added
Description in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free.
Title Liteos_a has an use after free vulnerability
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: OpenHarmony

Published: 2024-12-03T12:15:19.668Z

Updated: 2024-12-03T14:26:34.062Z

Reserved: 2024-10-17T07:55:53.383Z

Link: CVE-2024-10074

cve-icon Vulnrichment

Updated: 2024-12-03T14:26:17.224Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-03T13:15:04.490

Modified: 2024-12-11T03:51:27.577

Link: CVE-2024-10074

cve-icon Redhat

No data.