CVE-2024-41160

8.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in OpenHarmony that lets a local attacker escalate from common (ordinary user) permissions to root and leak sensitive information. It affects OpenHarmony v4.1.0 and earlier versions. Exploitation requires local access.

💻 Affected Systems

Products:
  • OpenHarmony
Versions: v4.1.0 and prior versions
Operating Systems: OpenHarmony OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default installations of vulnerable OpenHarmony versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with root access, allowing installation of persistent malware, data exfiltration, and disabling of security controls.

🟠 Likely Case: Local privilege escalation leading to unauthorized access to sensitive data and system resources.

🟢 If Mitigated: Limited impact if proper access controls and privilege separation are implemented, though information leakage may still occur.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.
🏢 Internal Only: HIGH - Local attackers or compromised user accounts can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and some technical knowledge to exploit the use-after-free condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenHarmony v4.1.1 or later

Vendor Advisory: https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md

Restart Required: Yes

Instructions:

1. Check current OpenHarmony version.
2. Update to OpenHarmony v4.1.1 or later.
3. Reboot the system.
4. Verify the update was successful.

🔧 Temporary Workarounds

  • Restrict local user access (all): Limit local user accounts and implement strict access controls to reduce attack surface.
  • Implement privilege separation (all): Ensure applications run with minimal necessary privileges to limit impact of potential escalation.

🧯 If You Can't Patch

  • Implement strict access controls and monitor for suspicious local activity.
  • Isolate affected systems from critical networks and data.

🔍 How to Verify

Check if Vulnerable:

Check OpenHarmony version: cat /etc/os-release or equivalent system command.

Check Version:

cat /etc/os-release | grep VERSION

Verify Fix Applied:

Verify system is running OpenHarmony v4.1.1 or later using version check command.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Suspicious process creation with elevated privileges
  • Access to sensitive system files by non-root users

Network Indicators:

  • Unusual outbound connections from system following local user activity

SIEM Query:

Process creation where parent process is non-root and child process runs as root, or file access patterns showing non-privileged users accessing sensitive system files.
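The process-creation half of the query above, written out as an added example (not from the vendor advisory or the OpenHarmony project). The event fields, sample events and allowlisted paths are constructed assumptions, not a real log schema.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (hypothetical schema)."""
    pid: int
    ppid: int
    uid: int   # effective UID of the newly created process
    exe: str

# Assumption: helpers that are expected to start as root from a user session.
# Placeholder path; replace with the binaries actually present on the device.
EXPECTED_ROOT_TRANSITIONS = {"/example/bin/setuid-helper"}

# Constructed sample events, in creation order.
SAMPLE_EVENTS = [
    ProcEvent(1, 0, 0, "/init"),
    ProcEvent(200, 1, 0, "/example/bin/system-daemon"),
    ProcEvent(300, 1, 1000, "/bin/sh"),
    ProcEvent(301, 300, 1000, "/bin/ls"),
    ProcEvent(302, 300, 0, "/example/bin/setuid-helper"),  # allowlisted
    ProcEvent(303, 300, 0, "/bin/sh"),                     # root child of uid 1000
    ProcEvent(400, 999, 0, "/bin/id"),                     # parent never logged
]

def find_root_transitions(events, allowlist=EXPECTED_ROOT_TRANSITIONS):
    """Return (alerts, unresolved).

    alerts: (event, parent_uid) for root processes whose parent was non-root.
    unresolved: root processes whose parent was never seen, kept for manual
    triage instead of being silently treated as benign.
    """
    uid_by_pid = {0: 0}          # ppid 0 is the kernel
    alerts, unresolved = [], []
    for ev in events:
        parent_uid = uid_by_pid.get(ev.ppid)
        uid_by_pid[ev.pid] = ev.uid   # overwrite handles PID reuse
        if ev.uid != 0 or ev.exe in allowlist:
            continue
        if parent_uid is None:
            unresolved.append(ev)
        elif parent_uid != 0:
            alerts.append((ev, parent_uid))
    return alerts, unresolved

if __name__ == "__main__":
    alerts, unresolved = find_root_transitions(SAMPLE_EVENTS)
    for ev, parent_uid in alerts:
        print(f"ALERT pid={ev.pid} exe={ev.exe} parent_uid={parent_uid}")
    for ev in unresolved:
        print(f"TRIAGE pid={ev.pid} exe={ev.exe} parent unknown")
```

An empty allowlist also flags the expected helper, so the allowlist should be built from an inventory of the device's privileged binaries before the rule is enabled.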
