Zephyr@1.14.2 Security Vulnerabilities and Issues — Zephyr@1.14.2 CVE List

Lucene search

ZephyrprojectZephyr1.14.2

3 matches found

CVE•added 2020/05/11 11:15 p.m.•57 views

CVE-2020-10024

The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and...

7.8CVSS7.8AI score0.00092EPSS

CVE•added 2021/10/05 9:15 p.m.•38 views

CVE-2021-3510

Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4

7.5CVSS7.5AI score0.00334EPSS

CVE•added 2021/10/05 9:15 p.m.•36 views

CVE-2021-3436

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyr...

6.5CVSS5.5AI score0.00315EPSS