Lucene search

ZephyrCVELIST:CVE-2020-10067

HistoryMay 11, 2020 - 10:26 p.m.

CVE-2020-10067 Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory

2020-05-1122:26:17

CWE-190

zephyr

www.cve.org

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

21.6%

JSON

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

CNA Affected

[
  {
    "product": "zephyr",
    "vendor": "zephyrproject-rtos",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "1.14.1",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067

github.com/zephyrproject-rtos/zephyr/pull/23239

github.com/zephyrproject-rtos/zephyr/pull/23653

github.com/zephyrproject-rtos/zephyr/pull/23654

zephyrprojectsec.atlassian.net/browse/ZEPSEC-27

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

21.6%

JSON

Related for CVELIST:CVE-2020-10067