CVE-2022-41802

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
08/12/2022
Last modified:
09/09/2024

Description

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:* 3.1 (including) 3.1.4 (including)
cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:* 1.1.0 (including) 1.1.5 (including)
cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:* 3.0 (including) 3.0.6 (including)