CVE-2022-43662

Summary

Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.

Affected Software

VendorProductVersion RangeStatus
OpenHarmonyOpenHarmony3.1.0 <= 3.1.4affected
OpenHarmonyOpenHarmony3.0.0 <= 3.0.6affected
OpenHarmonyOpenHarmony1.1.0 <= 1.1.5affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References