CVE-2022-41802
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
08/12/2022
Last modified:
09/09/2024
Description
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.
Impact
Base Score 3.x
3.30
Severity 3.x
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:* | 3.1 (including) | 3.1.4 (including) |
cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:* | 1.1.0 (including) | 1.1.5 (including) |
cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:* | 3.0 (including) | 3.0.6 (including) |
To consult the complete list of CPE names with products and versions, see this page