CVE-2024-47404

Published: Nov 5, 2024Modified: Nov 6, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free.

Affected (1)

Products: Openatom: Openharmony

Openatom

1 product

Openharmony

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openatom Openharmony	From 4.0 to 4.1

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (1)

https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-11.md

Source: scy@openharmony.io

Vendor Advisory

Timeline

No history available yet.