Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kernel memory pool override in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in furth ...
Vulnerability Description
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in further attacks. The processes with system user UID run on the device would be able to mmap memory pools used by kernel and override them which could be used to gain kernel code execution on the device, gain root privileges, or cause device reboot.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
缺省权限不正确
Vulnerability Title
OpenHarmony 安全漏洞
Vulnerability Description
OpenHarmony是中国OpenAtom Foundation基金会的一种鸿蒙操作系统的开源项目。 OpenHarmony v3.1.2及以前版本和3.0.6及以前版本存在安全漏洞,该漏洞源于其/dev/mmz_userdev设备驱动程序中内核内存池覆盖问题导致设备上运行的无特权进程可能会泄露包括内核指针在内的敏感信息,这些信息可能被用于进一步的攻击。或在设备上运行的具有系统用户UID的进程将能够mmap内核使用的内存池并覆盖它们,这可以用于在设备上获得内核代码执行、获得根权限或导致设备重新启动。上述
CVSS Information
N/A
Vulnerability Type
N/A