Description
in OpenHarmony v6.0 and prior versions allow a local attacker to cause DoS.
Published: 2026-05-19
Score: 3.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A NULL pointer dereference in the Sensors_medical_sensor component of OpenHarmony can lead to a denial-of-service condition. The flaw is classified as CWE-476 and allows a local attacker to trigger crashes or interruptions on the target device, disrupting service availability. No information about remote exploitation or privilege escalation is provided, which indicates that the vulnerability is limited to local contexts.

Affected Systems

This defect affects the OpenHarmony operating system, specifically all releases up to and including version 6.0. Users running these firmware versions, particularly in medical sensor environments, are directly impacted. No other products or vendors are listed.

Risk and Exploitability

The CVSS score of 3.3 reflects a low severity rating, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog, suggesting that widespread exploitation is unlikely. However, because the attack vector is local, an attacker with physical or restricted network access could repeatedly trigger service interruptions. The risk remains moderate in environments where local access is difficult to deny and availability is critical.

Generated by OpenCVE AI on May 19, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a version of OpenHarmony that resolves the NULL pointer dereference in Sensors_medical_sensor
  • Limit physical or network access to the affected device, using isolation or segmentation to reduce the opportunity for a local attacker
  • Monitor the device for abnormal CPU or memory usage patterns that may indicate repeated denial‑of‑service attempts


Advisories

No advisories yet.

History

Tue, 19 May 2026 05:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Openharmony; Openharmony openharmony |
| Vendors & Products | | Openharmony; Openharmony openharmony |

Tue, 19 May 2026 03:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. |
| Title | | Sensors_medical_sensor has a NULL pointer dereference vulnerability |
| Weaknesses | | CWE-476 |
| References | | |
| Metrics | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'} |


MITRE

Status: PUBLISHED

Assigner: OpenHarmony

Published:

Updated: 2026-05-19T02:58:56.097Z

Reserved: 2026-03-03T06:43:20.274Z

Link: CVE-2026-25110

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-19T04:16:28.137

Modified: 2026-05-19T04:16:28.137

Link: CVE-2026-25110

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T05:00:10Z
