44 matches found
Code injection
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...
Cross site scripting
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions...
Design/Logic Flaw
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 a...
Design/Logic Flaw
In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...
CVE-2020-10067 Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the...
CVE-2020-10067
CVE-2020-10067 affects Zephyr Project RTOS. A malicious userspace application can trigger an integer overflow that bypasses security checks in system call handlers, with impacts ranging from denial of service to information leak and memory corruption potentially enabling kernel code execution. Af...
CVE-2020-10059 UpdateHub Module Explicitly Disables TLS Verification
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr versi...
CVE-2020-10060 UpdateHub Might Dereference An Uninitialized Pointer
In updatehubprobe, right after JSON parsing is complete, objects\1 is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an...
CVE-2020-10060
CVE-2020-10060 affects Zephyr’s UpdateHub module. The vulnerability arises in updatehub_probe: after JSON parsing, the code accesses objects[1], which can reference uninitialized stack memory if the JSON has fewer than two elements. This could crash the process, cause a denial of service, or pote...
CVE-2020-10059
CVE-2020-10059 affects Zephyr Project RTOS (2.1.0 and later) via the UpdateHub module, which disables DTLS peer checking. This enables a man-in-the-middle risk, mitigated by firmware signatures, with no shown exploit details in the documents. The issue sits with the UpdateHub component and is lin...
CVE-2020-10058
CVE-2020-10058 affects Zephyr Project RTOS (Kscan subsystem). The issue arises from insufficient parameter validation in multiple Kscan syscalls, enabling a local user to potentially gain elevated privileges. Publicly documented details from CNVD-2020-35003 confirm Zephyr 2.1.0 and later are affe...
CVE-2020-10058 Multiple Syscalls In kscan Subsystem Performs No Argument Validation
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions...
CVE-2020-10028
CVE-2020-10028 concerns Zephyr RTOS, specifically the GPIO subsystem, where multiple syscalls perform no argument validation. Root cause: insufficient validation on syscall parameters, enabling possible improper access or misuse. Affected: Zephyr versions 1.14.0 and later, including 2.1.0 and lat...
CVE-2020-10027
Technical details about CVE-2020-10027 are not publicly available in the provided connected documents; monitor for updates.
CVE-2020-10027 ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...
CVE-2020-10024
This CVE concerns Zephyr RTOS: the ARM platform-specific code uses a signed integer comparison when validating syscall numbers. The root cause enables privilege escalation from a user thread to kernel level if code execution is obtained in user space. Affected versions are Zephyr project-rtos Zep...
CVE-2020-10023 Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version...
CVE-2020-10024 ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 a...
CVE-2020-10022 UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later...
CVE-2020-10022
CVE-2020-10022 affects Zephyr OS (zephyrproject-rtos) via a malformed JSON payload received from an UpdateHub server, causing memory corruption. This leads to either denial of service or potential code execution in Zephyr versions 2.1.0 and later (including 2.2.0+). Root cause described across co...