CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10060 – UpdateHub Might Dereference An Uninitialized Pointer
https://notcve.org/view.php?id=CVE-2020-10060
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060 https://github.com/zephyrproject-rtos/zephyr/pull/27865 https://github.com/zephyrproject-rtos/zephyr/pull/27889 https://github.com/zephyrproject-rtos/zephyr/pull/27891 https://github.com/zephyrproject-rtos/zephyr/pull/27893 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-824: Access of Uninitialized Pointer •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10059 – UpdateHub Module Explicitly Disables TLS Verification
https://notcve.org/view.php?id=CVE-2020-10059
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. El módulo UpdateHub deshabilita la comprobación del peer DTLS, lo que permite un ataque de tipo man in the middle. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10059 https://github.com/zephyrproject-rtos/zephyr/pull/24954 https://github.com/zephyrproject-rtos/zephyr/pull/24997 https://github.com/zephyrproject-rtos/zephyr/pull/24999 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-36 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10058 – Multiple Syscalls In kscan Subsystem Performs No Argument Validation
https://notcve.org/view.php?id=CVE-2020-10058
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. Múltiples llamadas al sistema en el subsistema Kscan llevan a cabo una comprobación de argumento insuficiente, permitiendo una ejecución de código en el espacio de usuario para potencialmente alcanzar elevados privilegios. Consulte NCC-ZEP-006. Este problema afecta a: zephyrproject-rtos zephyr versión 2.1.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058 https://github.com/zephyrproject-rtos/zephyr/pull/23308 https://github.com/zephyrproject-rtos/zephyr/pull/23748 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10028 – Multiple Syscalls In GPIO Subsystem Performs No Argument Validation
https://notcve.org/view.php?id=CVE-2020-10028
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. Múltiples llamadas al sistema con comprobación de argumento insuficiente. Consulte NCC-ZEP-006. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. Versión 2.1.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028 https://github.com/zephyrproject-rtos/zephyr/pull/23308 https://github.com/zephyrproject-rtos/zephyr/pull/23733 https://github.com/zephyrproject-rtos/zephyr/pull/23737 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10027 – ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers
https://notcve.org/view.php?id=CVE-2020-10027
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. Un atacante que ha obtenido una ejecución de código dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. Consulte NCC-ZEP-001. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027 https://github.com/zephyrproject-rtos/zephyr/pull/23328 https://github.com/zephyrproject-rtos/zephyr/pull/23499 https://github.com/zephyrproject-rtos/zephyr/pull/23500 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35 • CWE-697: Incorrect Comparison •