29 matches found
CVE-2021-26429
CVE-2021-26429 is associated with Microsoft Azure Sphere Elevation of Privilege. Connected sources indicate affected product Azure Sphere and root cause described as insufficient access control, enabling privilege escalation. Publicly available specifics on vulnerable components, affected version...
CVE-2021-26428
CVE-2021-26428 affects Microsoft Azure Sphere. Azure Sphere information disclosure vulnerability is tied to an input validation/data protection weakness in the Azure Sphere OS, enabling information disclosure with LOCAL access and no authentication required. The combined CVSS data indicates a MED...
CVE-2021-26430
Azure Sphere Denial of Service vulnerability (CVE-2021-26430) affects Microsoft Azure Sphere. The connected documents consistently label it as a DoS issue impacting Azure Sphere components, but they do not provide concrete exploit details, affected versions, root cause analysis, or remediation st...
CVE-2021-36956
Azure Sphere CVE-2021-36956 is an information-disclosure vulnerability in Azure Sphere OS. The issue is described as a lack of protection for service data, enabling sensitive data exposure. Impact is disclosed as data leakage (CONFIDENTIALITY impact). Root cause notes point to unprotected service...
CVE-2021-28460
Azure Sphere contains an unsigned code execution vulnerability (CVE-2021-28460). The issue is described as a local, low-complexity vulnerability that requires no authentication and can impact confidentiality, integrity, and availability. Several connected sources (NVD entry and Microsoft advisory...
CVE-2021-27080
CVE-2021-27080 is listed as Azure Sphere Unsigned Code Execution Vulnerability. Connected sources confirm affected product is Azure Sphere and describe a vulnerability that could allow unsigned code execution (with MSRC labeling it as an Azure Sphere Unsigned Code Execution vulnerability). The co...
CVE-2020-35608
Summary (verified) : CVE-2020-35608 affects Microsoft Azure Sphere 20.07. Affected component: the normal world’s signed code execution path. Root cause : a specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. Impact : local code ...
CVE-2020-16970
CVE-2020-16970 is a Microsoft Azure Sphere vulnerability involving the AF_AZSPIO socket path. The Talos analysis describes a memory-corruption flaw in the AF_AZSPIO socket flow that can trigger a double-free and out-of-bounds read in the kernel, potentially allowing shellcode execution and/or a d...
CVE-2020-16982
CVE-2020-16982 (Azure Sphere) has a concrete advisory in TALOS-2020-1132 describing a privilege-escalation flaw in the Azure Sphere mtd character device driver. The issue arises from a write path (MEMWRITE) in the MTD subsystem that does not verify FMODE_WRITE, allowing an attacker with read acce...
CVE-2021-41374
CVE-2021-41374 concerns Microsoft Azure Sphere Information Disclosure Vulnerability. Connected documents affirm Azure Sphere as affected. CVSS data indicate an attacker with local access and low privileges could cause confidentiality impact (C: HIGH; I/N/A N) per CVSS v3.1, while CVSS v2.0/3.1 me...
CVE-2020-16990
Azure Sphere (Microsoft) kernel message ring buffer information disclosure vulnerability (CVE-2020-16990) affects Azure Sphere 20.05+; unprivileged users can access the kernel log via klogctl due to default dmesg_restrict settings, potentially leaking memory addresses and other sensitive data. TA...
CVE-2020-35609
CVE-2020-35609 affects Microsoft Azure Sphere 20.05, specifically the asynchronous ioctl path of the /dev/pluton interface. TALOS documents a denial-of-service scenario triggered by a rapid sequence of asynchronous ioctls that fill the Pluton ring buffer, causing the M4/A7 communication to stall ...
CVE-2021-41376
CVE-2021-41376 is an Azure Sphere Information Disclosure vulnerability. Connected sources confirm Azure Sphere as the affected product with potential access to sensitive information, categorized as information disclosure with local access requirements. Microsoft and North‑Western advisories indic...
CVE-2020-16987
Azure Sphere contains a local unsigned code execution vulnerability in the normal world path via /proc/thread-self/mem allowing an attacker to write shellcode into a process memory region and execute it. The TALOS advisory for Azure Sphere 20.07 details a shellcode-based overwrite of non-writable...
CVE-2021-41375
Azure Sphere Information Disclosure Vulnerability (CVE-2021-41375) affects Microsoft Azure Sphere OS. Connected sources corroborate an information-disclosure issue with Azure Sphere, CVSS around 4.4 (MEDIUM) and remote vector listed as LOCAL with high privileges required in some vectors; official...
CVE-2022-35821
CVE-2022-35821 affects Microsoft Azure Sphere. The Azure Sphere Information Disclosure Vulnerability is due to insufficient protection of service data in the Azure Sphere OS. CVSSv3 metrics in the initial record indicate a Medium severity (4.4), with Local attack vector, Low attack complexity, an...
CVE-2020-16984
CVE-2020-16984 is an Azure Sphere unsigned code execution vulnerability affecting the Azure Sphere Linux-based OS. The root cause is the READ_IMPLIES_EXEC personality, which can cause PROT_READ pages to be treated as executable during memory operations (brk/mmap), potentially creating an executab...
CVE-2020-16986
CVE-2020-16986: Microsoft Azure Sphere Littlefs quota vulnerability allowing quota bypass via truncate operations on /mnt/config; a negative/large size write can reset quota accounting (info->used_bytes) and enable repeated disk writes, potentially exhausting storage and causing DoS (watchdog ...
CVE-2020-16988
CVE-2020-16988 corresponds to a Microsoft Azure Sphere Elevation of Privilege vulnerability. Connected PT-2020-4764 confirms a privilege-management error in Azure Sphere OS that could let a remote attacker elevate privileges, potentially enabling remote privilege escalation. The CVSS metrics in t...
CVE-2020-16991
Azure Sphere contains a signed-code-execution vulnerability in the Normal World. A specially crafted shellcode can be executed by abusing ptrace to modify a running process’s memory, bypassing write protections and enabling arbitrary code execution. TALOS documents this as a local, low-attack-sur...
CVE-2020-16985
Azure Sphere Information Disclosure Vulnerability (CVE-2020-16985) affects Microsoft Azure Sphere. Public sources indicate an information disclosure flaw present in Azure Sphere versions prior to 20.09, enabling an attacker to gain unauthorized access to the device file system. Root cause details...
CVE-2020-16994
Azure Sphere has a code‑execution vulnerability in the normal world via unsigned code execution through /proc/self/mem. The TALOS advisory details how a process can write to its own memory by leveraging a Linux kernel behavior that allows memory to be writable and executable, circumventing protec...
CVE-2020-16981
Azure Sphere Elevation of Privilege (CVE-2020-16981) affects Microsoft Azure Sphere OS. The root cause is insufficient access control, per PT-2020-4818, with Azure Sphere versions prior to 20.08 stated as affected in CNVD-2020-63390. Impact is privilege escalation, enabling attacker to gain highe...
CVE-2021-42300
CVE-2021-42300 corresponds to Microsoft Azure Sphere Tampering Vulnerability. Connected sources indicate Azure Sphere (and related Azure RTOS/FSLogix entries) are affected by a tampering issue arising from insufficient access control, enabling local attacker access. The CVSS:3.1 vector (AV:L/AC:L...
CVE-2020-16989
CVE-2020-16989 affects Microsoft Azure Sphere. The connected PT-Security entry indicates the issue involves errors in privilege management within the Azure Sphere OS, enabling a remote attacker to elevate privileges. Public references show the vulnerability is classified as a privilege escalation...
CVE-2020-16992
CVE-2020-16992 is an Azure Sphere elevation-of-privilege vulnerability affecting Microsoft Azure Sphere. The connected PT-2020-4813 entry describes insufficient access control as the root cause and notes affected Azure Sphere versions with no specified fix version; it recommends updating via Wind...
CVE-2021-27074
CVE-2021-27074 is an Azure Sphere unsigned code execution vulnerability. Connected documents describe the issue as an unsigned code execution flaw in Azure Sphere, with one source attributing it to incorrect code generation management in the Azure Sphere OS. Practical impact stated across sources...
CVE-2020-16983
Azure Sphere: A tampering vulnerability due to insufficient access control in the Azure Sphere OS allows privilege escalation. Affected: Microsoft Azure Sphere (OS). Root cause per PT-2020-4810 is insufficient access control; impact includes privilege escalation. No fix/version details are provid...
CVE-2020-16993
CVE-2020-16993 concerns Microsoft Azure Sphere and describes a privilege-escalation vulnerability in the uid_map functionality of Azure Sphere 20.06 and earlier. The root cause is that the application-manager clears uniqueness checks among listed UIDs, allowing multiple component_ids to share the...