CVE-2020-10027 — Incorrect Comparison in Zephyr

CWE-697 — Incorrect Comparison3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 41.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zephyrproject-rtos Zephyr Zephyrproject Zephyr

Timeline

PublishedMay 11

Latest updateMay 24

Description

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5zephyrproject-rtos/zephyr1.14.0 — unspecified+1

▶NVDzephyrproject/zephyr1.14.0, 2.1.0+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-mwc4-px37-jrx4: An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel↗2022-05-24

▶

CVEList

ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers↗2020-05-11

▶