CVE-2020-10058: Improper Input Validation in Zephyr

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 76.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 11
Latest update: May 24

Description

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006. This issue affects zephyrproject-rtos zephyr version 2.1.0 and later versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | zephyrproject-rtos/zephyr | 2.1.0 | unspecified

Patches

Vulnerability Details (2)

GHSA (2022-05-24): GHSA-gmhq-vm7x-p5c3: Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated p
CVEList (2020-05-11): Multiple Syscalls In kscan Subsystem Performs No Argument Validation