CVE-2020-10024

Опубликовано: 11 мая 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

Ссылки

https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024
https://github.com/zephyrproject-rtos/zephyr/pull/23323
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/23498
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/23535
Patch
Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30
Third Party Advisory
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024
https://github.com/zephyrproject-rtos/zephyr/pull/23323
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/23498
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/23535
Patch
Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:zephyrproject:zephyr:1.14.2:*:*:*:*:*:*:*

cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00092

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-697

Связанные уязвимости

GHSA-5c78-vcj8-vwr5

github

больше 3 лет назад

EPSS

Процентиль: 26%

0.00092

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-697