OpenHarmony — Vulnerabilities & Security Advisories 167

Browse all 167 CVE security advisories affecting OpenHarmony. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenHarmony is an open-source operating system designed for distributed scenarios across smart devices, IoT, and industrial applications. Its architecture emphasizes modularity and scalability, allowing developers to tailor the system for diverse hardware constraints. Historically, the project has faced 167 recorded Common Vulnerabilities and Exposures (CVEs), with recurring issues primarily involving buffer overflows, use-after-free errors, and improper input validation. These flaws often lead to remote code execution or privilege escalation, particularly within the device communication and permission management modules. While no single catastrophic incident has defined its history, the high volume of CVEs highlights challenges in maintaining rigorous security standards across its fragmented ecosystem. The project relies on community-driven patches and formal verification efforts to mitigate risks, though the complexity of its distributed nature continues to present significant attack surface challenges for security researchers and administrators alike.

Top products by OpenHarmony: OpenHarmony
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-38386 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 8.4 | High | 2024-09-02 |
| CVE-2024-38382 | Ability Runtime has an out-of-bounds read permission bypass vulnerability — OpenHarmony | CWE-125 | 5.5 | Medium | 2024-09-02 |
| CVE-2024-28044 | Liteos-A has an integer overflow vulnerability — OpenHarmony | CWE-190 | 3.3 | Low | 2024-09-02 |
| CVE-2024-37077 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 8.2 | High | 2024-07-02 |
| CVE-2024-37185 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 8.2 | High | 2024-07-02 |
| CVE-2024-36260 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 8.2 | High | 2024-07-02 |
| CVE-2024-36278 | Arkcompiler Ets Runtime has a type confusion vulnerability — OpenHarmony | CWE-843 | 3.3 | Low | 2024-07-02 |
| CVE-2024-36243 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability — OpenHarmony | CWE-787 | 8.2 | High | 2024-07-02 |
| CVE-2024-37030 | Arkcompiler Ets Runtime has a use after free vulnerability — OpenHarmony | CWE-416 | 8.2 | High | 2024-07-02 |
| CVE-2024-31071 | Arkcompiler Ets Runtime has a type confusion vulnerability — OpenHarmony | CWE-843 | 3.3 | Low | 2024-07-02 |
| CVE-2024-3759 | Hmdfs has a use after free vulnerability — OpenHarmony | CWE-416 | 6.5 | Medium | 2024-05-07 |
| CVE-2024-3758 | Hmdfs has a heap buffer overflow vulnerability — OpenHarmony | CWE-122 | 6.5 | Medium | 2024-05-07 |
| CVE-2024-3757 | Arkcompiler runtime has an integer overflow vulnerability — OpenHarmony | CWE-190 | 3.3 | Low | 2024-05-07 |
| CVE-2024-31078 | Bluetooth Service has a use after free vulnerability — OpenHarmony | CWE-476 | 3.3 | Low | 2024-05-07 |
| CVE-2024-23808 | Arkcompiler ets frontend has an out-of-bounds read vulnerability — OpenHarmony | CWE-125 | 5.2 | Medium | 2024-05-07 |
| CVE-2024-27217 | MSDP has a use after free vulnerability — OpenHarmony | CWE-416 | 6.5 | Medium | 2024-05-07 |
| CVE-2024-29086 | Arkcompiler runtime has a stack overflow vulnerability — OpenHarmony | CWE-770 | 3.3 | Low | 2024-04-02 |
| CVE-2024-28951 | Arkcompiler runtime has a use after free vulnerability — OpenHarmony | CWE-416 | 5.5 | Medium | 2024-04-02 |
| CVE-2024-28226 | Fs has an improper input validation vulnerability — OpenHarmony | CWE-20 | 8.1 | High | 2024-04-02 |
| CVE-2024-24581 | Arkcompiler runtime has an out-of-bounds write vulnerability — OpenHarmony | CWE-787 | 6.5 | Medium | 2024-04-02 |
| CVE-2024-22092 | Bundlemanager has an authentication bypass vulnerability — OpenHarmony | CWE-290 | 7.7 | High | 2024-04-02 |
| CVE-2024-29074 | Telephony has an improper input validation vulnerability — OpenHarmony | CWE-20 | 6.5 | Medium | 2024-04-02 |
| CVE-2024-22180 | Camera has a use after free vulnerability — OpenHarmony | CWE-416 | 3.3 | Low | 2024-04-02 |
| CVE-2024-22098 | AVSession has a use after free vulnerability — OpenHarmony | CWE-416 | 6.5 | Medium | 2024-04-02 |
| CVE-2024-22177 | Audio has an improper preservation of permissions vulnerability — OpenHarmony | CWE-281 | 3.3 | Low | 2024-04-02 |
| CVE-2024-21834 | Arkui has a type confusion vulnerability — OpenHarmony | CWE-843 | 3.3 | Low | 2024-04-02 |
| CVE-2024-21826 | Huks has an insecure storage of sensitive information vulnerability — OpenHarmony | CWE-922 | 4.3 | Medium | 2024-03-04 |
| CVE-2024-21816 | Background task manager has an improper preservation of permissions vulnerability — OpenHarmony | CWE-281 | 4.0 | Medium | 2024-03-04 |
| CVE-2023-49602 | Arkui has a type confusion vulnerability — OpenHarmony | CWE-843 | 2.9 | Low | 2024-03-04 |
| CVE-2023-46708 | Wlan has a use after free vulnerability — OpenHarmony | CWE-416 | 4.3 | Medium | 2024-03-04 |

This page lists every published CVE security advisory associated with OpenHarmony. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.