CVE-2024-10074 – This CVE describes a use-after-free vulnerabili... (How to Fix)

Q: What is the severity of CVE-2024-10074?

CVE-2024-10074 has a CVSS score of 8.8 (HIGH). This CVE describes a use-after-free vulnerability in OpenHarmony that allows a local attacker to escalate privileges from common user permissions to root access. The vulnerability affects OpenHarmony v4.1.1 and earlier versions. Attackers must have local access to the system to exploit this flaw.

📋 TL;DR

This CVE describes a use-after-free vulnerability in OpenHarmony that allows a local attacker to escalate privileges from common user permissions to root access. The vulnerability affects OpenHarmony v4.1.1 and earlier versions. Attackers must have local access to the system to exploit this flaw.

💻 Affected Systems

Products:

OpenHarmony

Versions: v4.1.1 and prior versions

Operating Systems: OpenHarmony-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected OpenHarmony versions are vulnerable. The vulnerability requires local access to exploit.

📦 What is this software?

Openharmony by Openatom

View all CVEs affecting Openharmony →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise where an attacker gains root privileges, enabling full control over the device, data theft, persistence mechanisms, and disabling of security controls.

🟠

Likely Case

Local privilege escalation allowing attackers to bypass application sandboxes, access sensitive data, and modify system configurations.

🟢

If Mitigated

Limited impact if proper access controls and privilege separation are enforced, though the vulnerability still presents a significant security risk.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of the specific use-after-free condition. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenHarmony v4.1.2 or later

Vendor Advisory: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md

Restart Required: No

Instructions:

1. Update OpenHarmony to version 4.1.2 or later. 2. Apply the security patch provided by OpenHarmony maintainers. 3. Verify the update was successful by checking the system version.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and remote local access to vulnerable systems to reduce attack surface

Enhanced monitoring

all

Implement strict monitoring of privilege escalation attempts and unusual process behavior

🧯 If You Can't Patch

Implement strict access controls to limit local user privileges
Deploy application sandboxing and containerization to isolate vulnerable components

🔍 How to Verify

Check if Vulnerable:

Check OpenHarmony version using system settings or command line. If version is 4.1.1 or earlier, the system is vulnerable.

Check Version:

getprop ro.build.version.release

Verify Fix Applied:

Verify OpenHarmony version is 4.1.2 or later after applying updates.

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events
Processes running with unexpected root privileges
Kernel or system component crashes

Network Indicators:

None - this is a local privilege escalation vulnerability

SIEM Query:

Process creation events where parent process has low privileges but child process has root privileges

📊 Metadata

CVE ID: CVE-2024-10074

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-416

Published: December 3, 2024

Last Updated: December 11, 2024

🔗 References

https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10074, you might also want to check these: