CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10058 – Multiple Syscalls In kscan Subsystem Performs No Argument Validation
https://notcve.org/view.php?id=CVE-2020-10058
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. Múltiples llamadas al sistema en el subsistema Kscan llevan a cabo una comprobación de argumento insuficiente, permitiendo una ejecución de código en el espacio de usuario para potencialmente alcanzar elevados privilegios. Consulte NCC-ZEP-006. Este problema afecta a: zephyrproject-rtos zephyr versión 2.1.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058 https://github.com/zephyrproject-rtos/zephyr/pull/23308 https://github.com/zephyrproject-rtos/zephyr/pull/23748 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10028 – Multiple Syscalls In GPIO Subsystem Performs No Argument Validation
https://notcve.org/view.php?id=CVE-2020-10028
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. Múltiples llamadas al sistema con comprobación de argumento insuficiente. Consulte NCC-ZEP-006. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. Versión 2.1.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028 https://github.com/zephyrproject-rtos/zephyr/pull/23308 https://github.com/zephyrproject-rtos/zephyr/pull/23733 https://github.com/zephyrproject-rtos/zephyr/pull/23737 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10027 – ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers
https://notcve.org/view.php?id=CVE-2020-10027
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. Un atacante que ha obtenido una ejecución de código dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. Consulte NCC-ZEP-001. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027 https://github.com/zephyrproject-rtos/zephyr/pull/23328 https://github.com/zephyrproject-rtos/zephyr/pull/23499 https://github.com/zephyrproject-rtos/zephyr/pull/23500 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35 • CWE-697: Incorrect Comparison •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10024 – ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers
https://notcve.org/view.php?id=CVE-2020-10024
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. El código arm específico de la plataforma utiliza una comparación de enteros con signo cuando se comprueban los números de llamada del sistema. Un atacante que ha obtenido una ejecución de código dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024 https://github.com/zephyrproject-rtos/zephyr/pull/23323 https://github.com/zephyrproject-rtos/zephyr/pull/23498 https://github.com/zephyrproject-rtos/zephyr/pull/23535 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30 • CWE-697: Incorrect Comparison •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10023 – Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim
https://notcve.org/view.php?id=CVE-2020-10023
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. El subsistema shell contiene un desbordamiento de búfer, por lo que un adversario con acceso físico al dispositivo es capaz de causar una corrupción de la memoria, resultando en una denegación de servicio o posiblemente en una ejecución de código dentro del kernel de Zephyr. Consulte NCC-NCC-019. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023 https://github.com/zephyrproject-rtos/zephyr/pull/23304 https://github.com/zephyrproject-rtos/zephyr/pull/23646 https://github.com/zephyrproject-rtos/zephyr/pull/23649 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •