Cyber Posture

CVE-2024-47398

High

Published: 07 January 2025

Modified: 16 October 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0013 (32.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

OpenHarmony v4.1.2 and prior versions allow a local attacker to cause the device to be unable to boot up through an out-of-bounds write.

Security Summary

CVE-2024-47398 is an out-of-bounds write vulnerability (CWE-787) affecting OpenHarmony versions v4.1.2 and prior. It enables a local attacker to prevent the device from booting up. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction. The documented effect is the device failing to boot, which is a denial-of-service condition. The CVSS vector also rates confidentiality and integrity impact as high and the scope as changed (S:C), meaning the impact can extend beyond the vulnerable component.

Mitigation details are provided in the OpenHarmony security advisory at https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-01.md. Security practitioners should consult this reference for patches or workarounds specific to affected OpenHarmony deployments.

Details

CWE(s)
CWE-787

Affected Products

openatom openharmony, versions ≤ 4.1.2
