device.harmonyos.com
18.66.112.35  Public Scan

URL: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202305-0000001532778780
Submission: On June 01 via manual from AZ — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Last updated: 2023-05-04 16:01

HARMONYOS SECURITY BULLETIN - MAY 2023

This bulletin contains details about the security vulnerabilities that have been
fixed by security patch 2023-05-01 or the updated HarmonyOS version.

If you find security or privacy vulnerabilities in HarmonyOS, submit an issue.
For more details, see HarmonyOS Security Bounty Program.


HARMONYOS SECURITY MITIGATION MEASURES

You can find the mitigation measures provided by HarmonyOS in Security
Guidelines. These measures help reduce the risk that security vulnerabilities
on HarmonyOS are exploited.

The security hardening functions provided by later HarmonyOS versions make it
harder for attackers to exploit the vulnerabilities of HarmonyOS. You are
advised to upgrade HarmonyOS to the latest version.


SECURITY PATCH 2023-05-01 VULNERABILITY DETAILS

The following tables provide details about the security vulnerabilities fixed by
security patch 2023-05-01. The CVE, vulnerability description, impact, severity,
updated HarmonyOS version, and the affected modules are provided.

System

| CVE | Vulnerability Description | Impact | Severity | Updated HarmonyOS Version | Module |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-0116 | The reminder module lacks an authentication mechanism for broadcasts received. | Successful exploitation of this vulnerability may affect availability. | Medium | HarmonyOS 3.1.0, HarmonyOS 3.0.0, HarmonyOS 2.1.0, HarmonyOS 2.0.1, HarmonyOS 2.0.0 | Event Notification |
| CVE-2023-31226 | The SDK for the MediaPlaybackController module has improper permission verification. | Successful exploitation of this vulnerability may affect confidentiality. | Medium | HarmonyOS 3.1.0 | Media |
| CVE-2022-48478 | The facial recognition TA of some products lacks memory length verification. | Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | Critical | HarmonyOS 2.0.0 | User IAM |
| CVE-2022-48479 | The facial recognition TA of some products has the out-of-bounds memory read vulnerability. | Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. | Critical | HarmonyOS 2.0.0 | User IAM |

Application

| CVE | Vulnerability Description | Impact | Severity | Updated HarmonyOS Version | Module |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-31225 | The Gallery app has the risk of hijacking attacks. | Successful exploitation of this vulnerability may cause download failures and affect product availability. | Medium | HarmonyOS 3.1.0, HarmonyOS 3.0.0, HarmonyOS 2.0.1, HarmonyOS 2.0.0 | Media |

Framework

| CVE | Vulnerability Description | Impact | Severity | Updated HarmonyOS Version | Module |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-0117 | The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. | Successful exploitation of this vulnerability may affect availability of features, such as MeeTime. | Medium | HarmonyOS 3.1.0, HarmonyOS 3.0.0 | Media |
| CVE-2023-31227 | The hwPartsDFR module has a vulnerability in API calling verification. | Successful exploitation of this vulnerability may affect device confidentiality. | Medium | HarmonyOS 3.1.0, HarmonyOS 3.0.0, HarmonyOS 2.1.0 | DFX |
| CVE-2021-46881 | The video framework has memory overwriting caused by addition overflow. | Successful exploitation of this vulnerability may affect availability. | Critical | HarmonyOS 2.1.0, HarmonyOS 2.0.1, HarmonyOS 2.0.0 | Media |
| CVE-2021-46882 | The video framework has memory overwriting caused by addition overflow. | Successful exploitation of this vulnerability may affect availability. | Critical | HarmonyOS 2.1.0, HarmonyOS 2.0.1, HarmonyOS 2.0.0 | Media |
| CVE-2021-46883 | The video framework has memory overwriting caused by addition overflow. | Successful exploitation of this vulnerability may affect availability. | Critical | HarmonyOS 2.1.0, HarmonyOS 2.0.1, HarmonyOS 2.0.0 | Media |
| CVE-2021-46884 | The video framework has memory overwriting caused by addition overflow. | Successful exploitation of this vulnerability may affect availability. | Critical | HarmonyOS 2.1.0, HarmonyOS 2.0.1, HarmonyOS 2.0.0 | Media |
| CVE-2021-46885 | The video framework has memory overwriting caused by addition overflow. | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS 2.1.0, HarmonyOS 2.0.1, HarmonyOS 2.0.0 | Media |
| CVE-2021-46886 | The video framework has memory overwriting caused by addition overflow. | Successful exploitation of this vulnerability may affect availability. | High | HarmonyOS 2.1.0, HarmonyOS 2.0.1, HarmonyOS 2.0.0 | Media |

Third-Party Library

N/A


FAQS

 1. How do I know that my device has these issues fixed by security updates?
    
    For details about how to check the security patch and update the HarmonyOS
    version, see Security Updates.
    
    If the security patch is 2023-05-01 or later, all issues covered by
    security patch 2023-05-01 have been resolved.


CHANGE HISTORY

| Issue | Date | Change History |
| --- | --- | --- |
| V1.0 | 2023-05-05 | First release |
