CVE-2020-10027 – ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers
https://notcve.org/view.php?id=CVE-2020-10027
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. Un atacante que ha obtenido una ejecución de código dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. Consulte NCC-ZEP-001. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027 https://github.com/zephyrproject-rtos/zephyr/pull/23328 https://github.com/zephyrproject-rtos/zephyr/pull/23499 https://github.com/zephyrproject-rtos/zephyr/pull/23500 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35 • CWE-697: Incorrect Comparison •
CVE-2020-10024 – ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers
https://notcve.org/view.php?id=CVE-2020-10024
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. El código arm específico de la plataforma utiliza una comparación de enteros con signo cuando se comprueban los números de llamada del sistema. Un atacante que ha obtenido una ejecución de código dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024 https://github.com/zephyrproject-rtos/zephyr/pull/23323 https://github.com/zephyrproject-rtos/zephyr/pull/23498 https://github.com/zephyrproject-rtos/zephyr/pull/23535 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30 • CWE-697: Incorrect Comparison •
CVE-2020-10023 – Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim
https://notcve.org/view.php?id=CVE-2020-10023
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. El subsistema shell contiene un desbordamiento de búfer, por lo que un adversario con acceso físico al dispositivo es capaz de causar una corrupción de la memoria, resultando en una denegación de servicio o posiblemente en una ejecución de código dentro del kernel de Zephyr. Consulte NCC-NCC-019. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023 https://github.com/zephyrproject-rtos/zephyr/pull/23304 https://github.com/zephyrproject-rtos/zephyr/pull/23646 https://github.com/zephyrproject-rtos/zephyr/pull/23649 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-10022 – UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array
https://notcve.org/view.php?id=CVE-2020-10022
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. Una carga útil JSON malformada que es recibida desde un servidor UpdateHub puede desencadenar una corrupción de la memoria en el Sistema Operativo Zephyr. Esto podría resultar en una denegación de servicio en el mejor de los casos, o una ejecución de código en el peor de los casos. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10022 https://github.com/zephyrproject-rtos/zephyr/pull/24065 https://github.com/zephyrproject-rtos/zephyr/pull/24066 https://github.com/zephyrproject-rtos/zephyr/pull/24154 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-28 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-10021 – Out-of-bounds write in USB Mass Storage with unaligned sizes
https://notcve.org/view.php?id=CVE-2020-10021
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. Una Escritura fuera de límites en el Almacenamiento Masivo USB en el manejador memoryWrite con Tamaños no alineados. Consulte NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026. Este problema afecta a: zephyrproject-rtos zephyr versión 1.14.1 y versiones posteriores. Versión 2.1.0 y versiones posteriores. • https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10021 https://github.com/zephyrproject-rtos/zephyr/pull/23240 https://github.com/zephyrproject-rtos/zephyr/pull/23455 https://github.com/zephyrproject-rtos/zephyr/pull/23456 https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-26 • CWE-787: Out-of-bounds Write •