CVE-2023-22436

Summary

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an

UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

Affected Software

VendorProductVersion RangeStatus
OpenHarmonyOpenHarmony3.1 <= 3.1.5affected

Weaknesses

  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References