CVE-2023-22301 - Vulnerability Details - OpenCVE

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Openatom	Openharmony

Configuration 1 [-]

cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*

No data.

References

Link	Providers
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 09 Sep 2024 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openatom Openatom openharmony
CPEs	cpe:2.3:a:openharmony:openharmony:::::-:::*	cpe:2.3:o:openatom:openharmony:::::-:::*
Vendors & Products	Openharmony Openharmony openharmony	Openatom Openatom openharmony

MITRE

Status: PUBLISHED

Assigner: OpenHarmony

Published: 2023-03-10T10:44:38.102Z

Updated: 2025-02-27T21:01:25.746Z

Reserved: 2023-01-05T12:23:16.622Z

Link: CVE-2023-22301

Vulnrichment

Updated: 2024-08-02T10:07:06.145Z

NVD

Status : Modified

Published: 2023-03-10T11:15:12.127

Modified: 2024-11-21T07:44:29.147

Link: CVE-2023-22301

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22301", "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "state": "PUBLISHED", "assignerShortName": "OpenHarmony", "dateReserved": "2023-01-05T12:23:16.622Z", "datePublished": "2023-03-10T10:44:38.102Z", "dateUpdated": "2025-02-27T21:01:25.746Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenHarmony", "vendor": "OpenHarmony", "versions": [{"lessThanOrEqual": "3.1.5", "status": "affected", "version": "3.1", "versionType": "custom"}]}], "datePublic": "2023-03-11T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an \n\n<span style=\"background-color: rgb(255, 255, 255);\">arbitrary memory accessing </span>vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.<br>"}], "value": "The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions\u00a0has an \n\narbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.\n"}], "impacts": [{"capecId": "CAPEC-47", "descriptions": [{"lang": "en", "value": "CAPEC-47 Buffer Overflow via Parameter Expansion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony", "dateUpdated": "2023-03-10T10:44:38.102Z"}, "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md"}], "source": {"discovery": "UNKNOWN"}, "title": "The kernel subsystem hmdfs has a arbitrary memory accessing vulnerability.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:06.145Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-27T21:01:13.896862Z", "id": "CVE-2023-22301", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T21:01:25.746Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22301", "assignerOrgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "state": "PUBLISHED", "assignerShortName": "OpenHarmony", "dateReserved": "2023-01-05T12:23:16.622Z", "datePublished": "2023-03-10T10:44:38.102Z", "dateUpdated": "2025-02-27T21:01:25.746Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenHarmony", "vendor": "OpenHarmony", "versions": [{"lessThanOrEqual": "3.1.5", "status": "affected", "version": "3.1", "versionType": "custom"}]}], "datePublic": "2023-03-11T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an \n\n<span style=\"background-color: rgb(255, 255, 255);\">arbitrary memory accessing </span>vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.<br>"}], "value": "The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions\u00a0has an \n\narbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.\n"}], "impacts": [{"capecId": "CAPEC-47", "descriptions": [{"lang": "en", "value": "CAPEC-47 Buffer Overflow via Parameter Expansion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cf5dd6e-1214-4398-a481-30441e48fafd", "shortName": "OpenHarmony", "dateUpdated": "2023-03-10T10:44:38.102Z"}, "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md"}], "source": {"discovery": "UNKNOWN"}, "title": "The kernel subsystem hmdfs has a arbitrary memory accessing vulnerability.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:06.145Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22301", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-27T21:01:13.896862Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T21:01:19.780Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openatom:openharmony:*:*:*:*:-:*:*:*", "matchCriteriaId": "CD89B217-1A7D-485D-B647-5C666FBA5D46", "versionEndIncluding": "3.1.5", "versionStartIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions\u00a0has an \n\narbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.\n"}], "id": "CVE-2023-22301", "lastModified": "2024-11-21T07:44:29.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "scy@openharmony.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-10T11:15:12.127", "references": [{"source": "scy@openharmony.io", "tags": ["Third Party Advisory"], "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-02.md"}], "sourceIdentifier": "scy@openharmony.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "scy@openharmony.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}