OpenHarmony Out-of-Bounds Write Vulnerability in arkcompiler_ets_runtime Allowing Arbitrary Code Execution

Vulnerability

OpenHarmony versions through 5.1.0 contain an out-of-bounds write vulnerability that allows local attackers to execute arbitrary code in pre-installed applications. It can only be exploited in certain restricted scenarios.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution in the context of the affected application.

Remediation

Users can apply the available patches for this vulnerability in the OpenHarmony-5.1.0-Release and OpenHarmony-5.0.3-Release branches. Instructions for applying the patch can be found in the OpenHarmony security disclosure for October 2025.

Added: Mar 16, 2026, 2:45 PM
Updated: Mar 16, 2026, 2:45 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 7.5
exploitability: 2.3
remediation: 7.7
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.