CVE-2020-10067 Information

Feb 14, 2021 cve

Description

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://docs.zephyrproject.org/latest/security/vulnerabilities.htmlcve-2020-10067 https://github.com/zephyrproject-rtos/zephyr/pull/23239 https://github.com/zephyrproject-rtos/zephyr/pull/23653 https://github.com/zephyrproject-rtos/zephyr/pull/23654 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8

Share on: