in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free or cause DOS through NULL pointer dereference.
https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-05.md