admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-416xx/CVE-2022-41686.json
cad-safe-bot cc4dea58f2 Auto-Update: 2024-09-09T14:00:18.125964+00:00
2024-09-09 14:03:17 +00:00

123 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-41686",
"sourceIdentifier": "scy@openharmony.io",
"published": "2022-10-14T15:16:20.347",
"lastModified": "2024-09-09T12:21:53.383",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption."
},
{
"lang": "es",
"value": "OpenHarmony versiones v3.1.2 y versiones anteriores, 3.0.6 y versiones anteriores, presentan una vulnerabilidad de lectura y escritura de memoria fuera de l\u00edmites en el controlador de dispositivo /dev/mmz_userdev. El impacto depende de los privilegios del atacante. El proceso no privilegiado que es ejecutado en el dispositivo podr\u00eda leer memoria fuera de l\u00edmites, conllevando a una revelaci\u00f3n de informaci\u00f3n confidencial. Los procesos con UID de usuario del sistema que es ejecutadon en el dispositivo podr\u00edan escribir memoria fuera de l\u00edmites, lo que podr\u00eda conllevar a una corrupci\u00f3n de memoria no especificada"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "scy@openharmony.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:long_term_support:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.0.6",
"matchCriteriaId": "9883900A-457C-4533-B08F-A34DB70346DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*",
"versionStartIncluding": "3.1",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "1851DC7A-A8D5-46D9-BC51-ED8152B8F345"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md",
"source": "scy@openharmony.io",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink