CVE-2020-10067Integer Overflow or Wraparound in Zephyr

CWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
7.8HIGHNVD
CNA7.5
EPSS
0.1%
top 80.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject-rtos ZephyrZephyrproject Zephyr
Timeline
PublishedMay 11
Latest updateMay 24

Description

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5zephyrproject-rtos/zephyr1.14.1unspecified+1
NVDzephyrproject/zephyr1.14.1, 2.1.0+1

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-2wjv-2phj-464p: A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers2022-05-24
CVEList
Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory2020-05-11
CVE-2020-10067 — Integer Overflow or Wraparound | cvebase