cnvd-2022-44623
Vulnerability from cnvd
Title: Huawei HarmonyOS DFX模块输入验证错误漏洞
Description:
Huawei HarmonyOS是中国华为(Huawei)公司的一个操作系统。提供一个基于微内核的全场景分布式操作系统。
Huawei HarmonyOS DFX模块存在输入验证错误漏洞。该漏洞源于DFX模块存在完整性检查值的验证不当。攻击者可利用此漏洞导致系统稳定性受影响。
Severity: 中
Patch Name: Huawei HarmonyOS DFX模块输入验证错误漏洞的补丁
Patch Description:
Huawei HarmonyOS是中国华为(Huawei)公司的一个操作系统。提供一个基于微内核的全场景分布式操作系统。
Huawei HarmonyOS DFX模块存在输入验证错误漏洞。该漏洞源于DFX模块存在完整性检查值的验证不当。攻击者可利用此漏洞导致系统稳定性受影响。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202204-0000001266901897
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-22253
Impacted products
Name | ['Huawei HarmonyOS 2.0', 'Huawei EMUI 10.0.0', 'Huawei EMUI 10.1.0', 'Huawei EMUI 10.1.1', 'Huawei EMUI 11.0.0', 'Huawei Magic UI 3.0.0', 'Huawei Magic UI 3.1.0', 'Huawei Magic UI 3.1.1', 'Huawei Magic UI 4.0.0', 'Huawei EMUI 11.0.1', 'Huawei EMUI 12.0.0'] |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2022-22253", "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-22253" } }, "description": "Huawei HarmonyOS\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002\u63d0\u4f9b\u4e00\u4e2a\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5168\u573a\u666f\u5206\u5e03\u5f0f\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nHuawei HarmonyOS DFX\u6a21\u5757\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eDFX\u6a21\u5757\u5b58\u5728\u5b8c\u6574\u6027\u68c0\u67e5\u503c\u7684\u9a8c\u8bc1\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u7cfb\u7edf\u7a33\u5b9a\u6027\u53d7\u5f71\u54cd\u3002", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://device.harmonyos.com/cn/docs/security/update/security-bulletins-202204-0000001266901897", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2022-44623", "openTime": "2022-06-10", "patchDescription": "Huawei HarmonyOS\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002\u63d0\u4f9b\u4e00\u4e2a\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5168\u573a\u666f\u5206\u5e03\u5f0f\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nHuawei HarmonyOS DFX\u6a21\u5757\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eDFX\u6a21\u5757\u5b58\u5728\u5b8c\u6574\u6027\u68c0\u67e5\u503c\u7684\u9a8c\u8bc1\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5bfc\u81f4\u7cfb\u7edf\u7a33\u5b9a\u6027\u53d7\u5f71\u54cd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Huawei HarmonyOS DFX\u6a21\u5757\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": [ "Huawei HarmonyOS 2.0", "Huawei EMUI 10.0.0", "Huawei EMUI 10.1.0", "Huawei EMUI 10.1.1", "Huawei EMUI 11.0.0", "Huawei Magic UI 3.0.0", "Huawei Magic UI 3.1.0", "Huawei Magic UI 3.1.1", "Huawei Magic UI 4.0.0", "Huawei EMUI 11.0.1", "Huawei EMUI 12.0.0" ] }, "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-22253", "serverity": "\u4e2d", "submitTime": "2022-04-07", "title": "Huawei HarmonyOS DFX\u6a21\u5757\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…