CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
5.1%
libzephyr.so is vulnerable to Buffer Overflow. The vulnerability is due to the imx_mu_ipm_send
function in ipm_imx.c
and the mcux_mailbox_ipm_send
function in ipm_mcux.c
which is susceptible to buffer overflow if the size
parameter is negative, as a result of signed/unsigned conversion mishandling. The fix introduces a static int send
in ipm_cavs_host.c
check to ensure that the size is neither negative nor exceeds MAX_MSG
.
packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
seclists.org/fulldisclosure/2023/Nov/1
www.openwall.com/lists/oss-security/2023/11/07/1
github.com/zephyrproject-rtos/zephyr/commit/eeea26d20651e7f91de5e7d216a5398551d164da
github.com/zephyrproject-rtos/zephyr/pull/63069
github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g