CVE-2023-22301 - OpenCVE

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Openharmony	Openharmony

Configuration 1 [-]

cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*

References

Link	Resource
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OpenHarmony

Published: 2023-03-10T10:44:38.102Z

Updated: 2023-03-10T10:44:38.102Z

Reserved: 2023-01-05T12:23:16.622Z

Link: CVE-2023-22301

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-10T11:15:12.127

Modified: 2023-11-07T04:06:49.710

Link: CVE-2023-22301

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-22301", "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "state": "PUBLISHED", "assignerShortName": "OpenHarmony", "dateReserved": "2023-01-05T12:23:16.622Z", "datePublished": "2023-03-10T10:44:38.102Z", "dateUpdated": "2023-03-10T10:44:38.102Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenHarmony", "vendor": "OpenHarmony", "versions": [{"lessThanOrEqual": "3.1.5", "status": "affected", "version": "3.1", "versionType": "custom"}]}], "datePublic": "2023-03-11T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an \n\n<span style=\"background-color: rgb(255, 255, 255);\">arbitrary memory accessing </span>vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.<br>"}], "value": "The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions\u00a0has an \n\narbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.\n"}], "impacts": [{"capecId": "CAPEC-47", "descriptions": [{"lang": "en", "value": "CAPEC-47 Buffer Overflow via Parameter Expansion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony", "dateUpdated": "2023-03-10T10:44:38.102Z"}, "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md"}], "source": {"discovery": "UNKNOWN"}, "title": "The kernel subsystem hmdfs has a arbitrary memory accessing vulnerability.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}