CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2020-10062 – Packet length decoding error in MQTT
https://notcve.org/view.php?id=CVE-2020-10062
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. Un error por un paso (off-by-one) en el decodificador de longitud de paquetes MQTT del proyecto Zephyr puede resultar en una corrupción de la memoria y una potencial ejecución de código remota. NCC-ZEP-031 Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10062 https://github.com/zephyrproject-rtos/zephyr/pull/23821/commits/11b7a37d9a0b438270421b224221d91929843de4 https://research.nccgroup.com/2020/05/26/research-report-zephyr-and-mcuboot-security-assessment https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-84 • CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10061 – Error handling invalid packet sequence
https://notcve.org/view.php?id=CVE-2020-10061
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. El manejo inapropiado del caso full-buffer en la implementación de Zephyr Bluetooth puede resultar en una corrupción en la memoria. Este problema afecta a: zephyrproject-rtos zephyr versión 2.2.0 y versiones posteriores, y versión 1.14.0 y versiones posteriores • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10061 https://github.com/zephyrproject-rtos/zephyr/pull/23091 https://github.com/zephyrproject-rtos/zephyr/pull/23516 https://github.com/zephyrproject-rtos/zephyr/pull/23517 https://github.com/zephyrproject-rtos/zephyr/pull/23547 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-75 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10067 – Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory
https://notcve.org/view.php?id=CVE-2020-10067
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. Una aplicación de espacio de usuario maliciosa puede causar un desbordamiento de enteros y omitir comprobaciones de seguridad llevadas a cabo por manejadores de llamadas del sistema. El impacto dependería de la llamada del sistema subyacente y puede variar desde una denegación de servicio hasta el filtrado de información para una corrupción de memoria, resultando en una ejecución de código dentro del kernel. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067 https://github.com/zephyrproject-rtos/zephyr/pull/23239 https://github.com/zephyrproject-rtos/zephyr/pull/23653 https://github.com/zephyrproject-rtos/zephyr/pull/23654 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10028 – Multiple Syscalls In GPIO Subsystem Performs No Argument Validation
https://notcve.org/view.php?id=CVE-2020-10028
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. Múltiples llamadas al sistema con comprobación de argumento insuficiente. Consulte NCC-ZEP-006. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. Versión 2.1.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028 https://github.com/zephyrproject-rtos/zephyr/pull/23308 https://github.com/zephyrproject-rtos/zephyr/pull/23733 https://github.com/zephyrproject-rtos/zephyr/pull/23737 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10027 – ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers
https://notcve.org/view.php?id=CVE-2020-10027
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. Un atacante que ha obtenido una ejecución de código dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. Consulte NCC-ZEP-001. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027 https://github.com/zephyrproject-rtos/zephyr/pull/23328 https://github.com/zephyrproject-rtos/zephyr/pull/23499 https://github.com/zephyrproject-rtos/zephyr/pull/23500 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35 • CWE-697: Incorrect Comparison •