CVE-2023-5563
https://notcve.org/view.php?id=CVE-2023-5563
The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.
• https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv
• CWE-703: Improper Check or Handling of Exceptional Conditions
CVE-2023-3725 – Potential buffer overflow vulnerability in the Zephyr CANbus subsystem
https://notcve.org/view.php?id=CVE-2023-3725
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem.
• http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
• http://seclists.org/fulldisclosure/2023/Nov/1
• http://www.openwall.com/lists/oss-security/2023/11/07/1
• https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2023-5184 – Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver
https://notcve.org/view.php?id=CVE-2023-5184
Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
• http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
• http://seclists.org/fulldisclosure/2023/Nov/1
• http://www.openwall.com/lists/oss-security/2023/11/07/1
• https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-195: Signed to Unsigned Conversion Error
• CWE-681: Incorrect Conversion between Numeric Types
CVE-2023-4260 – Potential off-by-one buffer overflow vulnerability in the Zephyr FS subsystem
https://notcve.org/view.php?id=CVE-2023-4260
Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
• http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
• http://seclists.org/fulldisclosure/2023/Nov/1
• http://www.openwall.com/lists/oss-security/2023/11/07/1
• https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-193: Off-by-one Error
CVE-2023-4264 – Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem
https://notcve.org/view.php?id=CVE-2023-4264
Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem.
• http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
• http://seclists.org/fulldisclosure/2023/Nov/1
• http://www.openwall.com/lists/oss-security/2023/11/07/1
• https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-121: Stack-based Buffer Overflow
• CWE-122: Heap-based Buffer Overflow