CVE-2024-11263 — Privilege Context Switching Error in Zephyr

CWE-270 — Privilege Context Switching Error2 documents2 sources

Severity

8.4HIGHNVD

CNA9.3

EPSS

0.2%

top 63.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zephyrproject-rtos Zephyr Zephyrproject Zephyr

Timeline

PublishedNov 15

Description

When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages2 packages

▶NVDzephyrproject/zephyr3.7.0

▶CVEListV5zephyrproject-rtos/zephyr* — 3.7

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y↗2024-11-15

▶