Unrated severityNVD Advisory· Published May 11, 2020· Updated Sep 16, 2024
Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory
CVE-2020-10067
Description
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=1.14.1+ 1 more
- (no CPE)range: >=1.14.1
- (no CPE)range: 1.14.1
Patches
Vulnerability mechanics
References
5- docs.zephyrproject.org/latest/security/vulnerabilities.htmlmitrex_refsource_MISC
- github.com/zephyrproject-rtos/zephyr/pull/23239mitrex_refsource_MISC
- github.com/zephyrproject-rtos/zephyr/pull/23653mitrex_refsource_MISC
- github.com/zephyrproject-rtos/zephyr/pull/23654mitrex_refsource_MISC
- zephyrprojectsec.atlassian.net/browse/ZEPSEC-27mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.