Zephyrproject Zephyr vulnerabilities

CVE-2020-10021 [HIGH] CWE-787 CVE-2020-10021: Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024 Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

CVE-2020-10027 [HIGH] CWE-697 CVE-2020-10027: An attacker who has obtained code execution within a user thread is able to elevate privileges to th An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

CVE-2020-10019 [HIGH] CWE-120 CVE-2020-10019: USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

CVE-2020-10024 [HIGH] CWE-697 CVE-2020-10024: The arm platform-specific code uses a signed integer comparison when validating system call numbers. The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

CVE-2020-10058 [HIGH] CWE-20 CVE-2020-10058: Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code exe Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.

CVE-2020-10028 [HIGH] CWE-20 CVE-2020-10028: Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrpr Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

CVE-2020-10067 [HIGH] CWE-190 CVE-2020-10067: A malicious userspace application can cause a integer overflow and bypass security checks performed A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-

CVE-2020-10060 [MEDIUM] CVE-2020-10060: In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output st In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applie

CVE-2020-10023 [MEDIUM] CWE-120 CVE-2020-10023: The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the dev The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later vers

CVE-2020-10059 [MEDIUM] CWE-295 CVE-2020-10059: The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.

CVE-2017-14201 [HIGH] CWE-416 CVE-2017-14201: Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause d Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.

CVE-2017-14202 [HIGH] CWE-119 CVE-2017-14202: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell c Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all.

CVE-2017-14199 [CRITICAL] CWE-119 CVE-2017-14199: A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1 A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.

CVE-2018-1000800 [CRITICAL] CWE-476 CVE-2018-1000800: zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put( zephyr-rtos version 1.12.0 contains a NULL base pointer reference vulnerability in sys_ring_buf_put(), sys_ring_buf_get() that can result in CPU Page Fault (error code 0x00000010). This attack appear to be exploitable via a malicious application call the vulnerable kernel APIs (system sys_ring_buf_get() and sys_ring_buf_put).