Cyber Resilience

CVE-2024-47398

High

Published: 07 January 2025

Published
07 January 2025
Modified
16 October 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0018 39.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47398 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Openatom Openharmony. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 39.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-47398 is an out-of-bounds write vulnerability (CWE-787) affecting OpenHarmony versions v4.1.2 and prior. It enables a local attacker to prevent the device from booting up. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows high-impact effects, including the device failing to boot, which constitutes a denial-of-service condition, alongside potential compromise of confidentiality and integrity due to the changed scope.

Mitigation details are provided in the OpenHarmony security advisory at https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-01.md. Security practitioners should consult this reference for patches or workarounds specific to affected OpenHarmony deployments.

EU & UK References

Vulnerability details

in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Out-of-bounds write enables local exploitation for privilege escalation (T1068) leading to boot-time DoS via system/application exploitation (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-23420Same product: Openatom Openharmony
CVE-2025-23240Same product: Openatom Openharmony
CVE-2025-24309Same product: Openatom Openharmony
CVE-2025-22835Same product: Openatom Openharmony
CVE-2025-52458Same product: Openatom Openharmony
CVE-2025-41432Same product: Openatom Openharmony
CVE-2025-20091Same product: Openatom Openharmony
CVE-2025-0304Same product: Openatom Openharmony
CVE-2025-0303Same product: Openatom Openharmony
CVE-2025-24301Same product: Openatom Openharmony

Affected Assets

openatom
openharmony
≤ 4.1.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2024-47398 by identifying, reporting, and correcting the out-of-bounds write flaw in OpenHarmony through timely patching.

prevent

Implements memory protection safeguards such as address randomization and non-executable memory to prevent exploitation of the out-of-bounds write vulnerability.

prevent

Validates inputs to applications and systems to restrict out-of-bounds writes triggered by local attacker-supplied data during the boot process.

References