Lucene search
+L

8 matches found

OSV
OSV
added 4 days ago3 views

CVE-2026-10671 User thread can re-initialize an in-use `k_pipe`, corrupting kernel wait queues (`CONFIG_USERSPACE`)

In Zephyr's kernel pipe implementation, the userspace syscall verifier zvrfykpipeinit in kernel/pipe.c used KSYSCALLOBJ which requires the kernel object to already be initialized instead of KSYSCALLOBJNEVERINIT which rejects an already-initialized object. As a result, on CONFIGUSERSPACE builds an...

7.1CVSS6.1AI score0.00103EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 6 days ago6 views

CVE-2026-10667 SMP use-after-free in Zephyr `CONFIG_USERSPACE` dynamic kernel-object tracking, reachable from unprivileged user threads

Zephyr's dynamic kernel-object tracking kernel/userspace/userspace.c, formerly kernel/userspace.c maintains a doubly-linked list objlist of dynamically allocated kernel objects. Iteration over this list in kobjectwordlistforeach was performed under listslock using the SAFE iterator which caches t...

7.8CVSS6.1AI score0.00109EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-2488

Malware in sbrugna...

6.9CVSS6.6AI score0.00469EPSS
Exploits0References6
Prion
Prion
added 2021/05/25 5:15 p.m.18 views

Heap overflow

Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions = 1.14.2, = 2.3.0 contain Heap-based Buffer Overflow CWE-122. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr...

7.2CVSS7.4AI score0.0024EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/05/11 11:15 p.m.26 views

CVE-2020-10023

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version...

6.9CVSS7.1AI score0.00469EPSS
Exploits0References5
OSV
OSV
added 2020/05/11 11:15 p.m.6 views

CVE-2020-10023

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version...

6.8CVSS7.2AI score0.00469EPSS
Exploits0References5
Prion
Prion
added 2020/05/11 11:15 p.m.14 views

Buffer overflow

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version...

4.6CVSS7.2AI score0.00469EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2020/05/11 10:26 p.m.68 views

CVE-2020-10023

The CVE-2020-10023 entry concerns a buffer overflow in the Zephyr kernel shell subsystem that can cause memory corruption. Affected software is Zephyr Project RTOS (kernel shells), with impact described as potential denial of service or possibly code execution when an adversary has physical acces...

6.9CVSS7.1AI score0.00469EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder