CVE-2025-27577
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-12
Assigner: OpenHarmony
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openatom | openharmony | to 5.0.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenHarmony v5.0.3 and prior versions is a race condition that allows a local attacker to execute arbitrary code within the trusted computing base (tcb). It arises from a timing issue where the attacker can exploit concurrent operations to gain code execution privileges.
How can this vulnerability impact me? :
The vulnerability can allow a local attacker to execute arbitrary code with elevated privileges, potentially leading to system compromise, denial of service, or unauthorized actions within the affected OpenHarmony system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update OpenHarmony to the fixed version 5.0.3.x patch where the race condition issue has been addressed. Apply the patch available in the kernel_liteos_a repository pull request https://gitee.com/openharmony/kernel_liteos_a/pulls/1295 to ensure the vulnerability is fixed. [1]