CVE-2020-10058

Опубликовано: 11 мая 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.

Ссылки

https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058
https://github.com/zephyrproject-rtos/zephyr/pull/23308
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/23748
Patch
Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34
Third Party Advisory
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058
https://github.com/zephyrproject-rtos/zephyr/pull/23308
Patch
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/23748
Patch
Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00081

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-gmhq-vm7x-p5c3

github

больше 3 лет назад

EPSS

Процентиль: 24%

0.00081

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20