CVE-2026-0639 PUBLISHED

liteos_a has a missing release of memory vulnerability

Assigner: OpenHarmony
Reserved: 06.01.2026 Published: 16.03.2026 Updated: 16.03.2026

in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 3.3

Product Status

Vendor OpenHarmony
Product OpenHarmony
Versions Default: unaffected
  • affected from v5.0.3 to v6.0 (incl.)

References

Problem Types

  • CWE-401 Missing release of memory after effective lifetime CWE