CVE-2020-10023
published 2020-05-11CVE-2020-10023: The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in…
PriorityP425medium6.8CVSS 3.1
AVPACLPRNUINSUCHIHAH
EPSS
0.47%
37.1th percentile
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zephyrproject-rtos | zephyr | >= 1.14.0 < unspecified | unspecified |
| zephyrproject-rtos | zephyr | >= 2.1.0 < unspecified | unspecified |
| zephyrproject | zephyr | — | — |
| zephyrproject | zephyr | — | — |
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
arXiv
Dynamic Vulnerability Patching for Heterogeneous Embedded Systems Using Stack Frame Reconstruction
arxiv_fulltext·2025-09-12
Dynamic Vulnerability Patching for Heterogeneous Embedded Systems Using Stack Frame Reconstruction
sloppypar
fancy
[C]
Dynamic Vulnerability Patching for Heterogeneous Embedded Systems Using Stack Frame Reconstruction
authorsperrow=4
Ming Zhou
0009-0005-6873-5710
[email protected]
SCS, Nanjing University of Science and Technology
Nanjing
China
Xupu Hu
0009-0002-8896-1203
[email protected]
SCS, Nanjing University of Science and Technology
Nanjing
China
Zhihao Wang
0000-0002-0144-889X
[email protected]
Purple Mountain Laboratories
Nanjing
China
Haining Wang
0000-0002-9665-7511
[email protected]
ECE, Virginia Tech
Arlington, Virginia
USA
Hui Wen
0000-0002-3786-3358
[email protected]
Institute of Information Engineering, CAS
Beijng
China
Limin Sun
0000-0002-6578-0680
[email protected]
Institute of Information Engineering, CAS
Beijng
China
Peng Zhang
0000-0001-9518-5914
zhang_pe
arXiv
SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems
arxiv_fulltext·2024-05-13
SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems
[1]
hlcolorRGB20, 255, 20hlcolor
blackZiming: #1
[1]
hlcolorRGB20, 255, 20hlcolor
blackJun: #1
[1]
hlcolorRGB20, 255, 20hlcolor
blackLe: #1
[1]
hlcolorRGB255, 241, 158hlcolor
blackZheyuan: #1
[1]
hlcolorRGB255, 20, 20hlcolor
blackZQ: #1
[1]
hlcolorRGB0,32,96hlcolor
whiteXi: #1
arch
[1]
arch
#1A [2]arch. #1
bug
[1]
bug
#1B [2]bug. #1
limitation
[1]
limitation
4pt #1L [2]limitation. #1
issue
[1]
issue
4pt #1I [2]issue. #1
defense
[1]
defense
4pt #1D [2]defense. #1
test
[1]
test
T [2]-test. #1
recommendation
[1]
recommendation
4pt #1R [2]recommendation. #1
plain
[2]tabular@#1@#2tabular
* [1]
* [1] [baseline=(char.base)]
[shape=circle,draw,inner sep=2pt] (char) #1;
* [1] [baseline=(char.base)]
[shape=circle,draw,inner sep=1pt] (char) #1;
.5em
[1]picture(1,1)
0=#1 (.
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023https://github.com/zephyrproject-rtos/zephyr/pull/23304https://github.com/zephyrproject-rtos/zephyr/pull/23646https://github.com/zephyrproject-rtos/zephyr/pull/23649https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023https://github.com/zephyrproject-rtos/zephyr/pull/23304https://github.com/zephyrproject-rtos/zephyr/pull/23646https://github.com/zephyrproject-rtos/zephyr/pull/23649https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29
2020-05-11
Published