2 matches found
CVE-2020-10024
This CVE concerns Zephyr RTOS: the ARM platform-specific code uses a signed integer comparison when validating syscall numbers. The root cause enables privilege escalation from a user thread to kernel level if code execution is obtained in user space. Affected versions are Zephyr project-rtos Zep...
CVE-2020-10024 ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 a...