Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-10067

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

Published

2020-05-11T23:15:12.083

Last Modified

2024-11-21T04:54:44.413

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-190
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	zephyrproject	zephyr	1.14.1	Yes
Operating System	zephyrproject	zephyr	2.1.0	Yes

References

https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067 ([email protected])
https://github.com/zephyrproject-rtos/zephyr/pull/23239 Patch, Third Party Advisory ([email protected])
https://github.com/zephyrproject-rtos/zephyr/pull/23653 Patch, Third Party Advisory ([email protected])
https://github.com/zephyrproject-rtos/zephyr/pull/23654 Patch, Third Party Advisory ([email protected])
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27 Third Party Advisory ([email protected])
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/zephyrproject-rtos/zephyr/pull/23239 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/zephyrproject-rtos/zephyr/pull/23653 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/zephyrproject-rtos/zephyr/pull/23654 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)