Unrated severityNVD Advisory· Published May 11, 2020· Updated Sep 16, 2024

Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory

CVE-2020-10067

Description

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

Affected products

Zephyrproject Rtos/Zephyrv5
Range: 1.14.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.zephyrproject.org/latest/security/vulnerabilities.htmlmitrex_refsource_MISC
github.com/zephyrproject-rtos/zephyr/pull/23239mitrex_refsource_MISC
github.com/zephyrproject-rtos/zephyr/pull/23653mitrex_refsource_MISC
github.com/zephyrproject-rtos/zephyr/pull/23654mitrex_refsource_MISC
zephyrprojectsec.atlassian.net/browse/ZEPSEC-27mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000