Zephyr@2.1.0 Security Vulnerabilities and Issues — Zephyr@2.1.0 CVE List

Lucene search

ZephyrprojectZephyr2.1.0

8 matches found

CVE•added 2020/05/11 11:15 p.m.•66 views

CVE-2020-10027

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

7.8CVSS7.8AI score0.00092EPSS

CVE•added 2020/05/11 11:15 p.m.•64 views

CVE-2020-10059

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version...

5.8CVSS5.8AI score0.00373EPSS

CVE•added 2020/05/11 11:15 p.m.•58 views

CVE-2020-10028

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

7.8CVSS7.7AI score0.00077EPSS

CVE•added 2020/05/11 11:15 p.m.•57 views

CVE-2020-10024

The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and...

7.8CVSS7.8AI score0.00092EPSS

CVE•added 2020/05/11 11:15 p.m.•55 views

CVE-2020-10067

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the ker...

7.8CVSS8AI score0.00062EPSS

CVE•added 2020/05/11 11:15 p.m.•54 views

CVE-2020-10023

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.1...

6.9CVSS7.1AI score0.00099EPSS

CVE•added 2020/05/11 11:15 p.m.•54 views

CVE-2020-10058

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.

7.8CVSS7.8AI score0.00081EPSS

CVE•added 2020/05/11 11:15 p.m.•52 views

CVE-2020-10022

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later ve...

9.8CVSS9.6AI score0.01697EPSS