CVE-2020-10028Improper Input Validation in Zephyr

CWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 77.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject-rtos ZephyrZephyrproject Zephyr
Timeline
PublishedMay 11
Latest updateMay 24

Description

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5zephyrproject-rtos/zephyr1.14.0unspecified+1
NVDzephyrproject/zephyr1.14.0, 2.1.0+1

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-48gx-3vxx-x8h6: Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 12022-05-24
CVEList
Multiple Syscalls In GPIO Subsystem Performs No Argument Validation2020-05-11
CVE-2020-10028 — Improper Input Validation in Zephyr | cvebase