exploitDog

CVE-2023-22436

Опубликовано: 10 мар. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an

UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

Ссылки

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md
Third Party Advisory
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*

Версия от 3.1 (включая) до 3.1.5 (включая)

EPSS

Процентиль: 12%

0.00041

Низкий

7.8 High

CVSS3

Дефекты

CWE-190

CWE-416

Связанные уязвимости

GHSA-6vw3-qjc8-x8j8

CVSS3: 7.8

github

почти 3 года назад

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

EPSS

Процентиль: 12%

0.00041

Низкий

7.8 High

CVSS3

Дефекты

CWE-190

CWE-416