SB2020051284 - Multiple vulnerabilities in rutantan zephyr
Published: May 12, 2020 Updated: August 8, 2020
Description
This security bulletin contains information about 6 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2020-10023)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019. This issue affects zephyrproject-rtos zephyr version 1.14.0 and later versions, and version 2.1.0 and later versions.
2) Incorrect Comparison (CVE-ID: CVE-2020-10024)
The vulnerability allows a local authenticated user to execute arbitrary code.
The ARM platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects zephyrproject-rtos zephyr version 1.14.0 and later versions, and version 2.1.0 and later versions.
3) Incorrect Comparison (CVE-ID: CVE-2020-10027)
The vulnerability allows a local authenticated user to execute arbitrary code.
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects zephyrproject-rtos zephyr version 1.14.0 and later versions, and version 2.1.0 and later versions.
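The signed-comparison flaw named in item 2 (item 3 is classed the same way), modelled in C as an added example. This is not Zephyr's code: the table size, handler names and sample ids are assumptions constructed for illustration. The flawed check only reports the slot it would use, so the program itself never reads out of bounds.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative model; table size, names and handlers are assumptions. */
#define SYSCALL_LIMIT 3                 /* valid ids are 0..2 */
#define SYSCALL_BAD   SYSCALL_LIMIT     /* extra slot: "bad syscall" handler */

typedef int (*handler_t)(uint32_t arg);

static int sys_nop(uint32_t arg)  { (void)arg; return 0; }
static int sys_echo(uint32_t arg) { return (int)arg; }
static int sys_one(uint32_t arg)  { (void)arg; return 1; }
static int sys_bad(uint32_t arg)  { (void)arg; return -1; }

static const handler_t table[SYSCALL_LIMIT + 1] = {
    sys_nop, sys_echo, sys_one, sys_bad
};

/* Flawed check: the register value is treated as signed, so any id with
 * the top bit set is negative, passes "< LIMIT", and would index memory
 * before the table. Returns the slot that would be used. */
int32_t slot_signed(uint32_t raw_id)
{
    int32_t id = (int32_t)raw_id;       /* 0xFFFFFFF0 becomes -16 */
    return (id < SYSCALL_LIMIT) ? id : SYSCALL_BAD;
}

/* Corrected check: unsigned comparison rejects everything >= LIMIT,
 * including values that are negative when viewed as signed. */
int32_t slot_unsigned(uint32_t raw_id)
{
    return (raw_id < (uint32_t)SYSCALL_LIMIT) ? (int32_t)raw_id : SYSCALL_BAD;
}

/* Dispatcher built on the corrected check; never indexes out of bounds. */
int dispatch(uint32_t raw_id, uint32_t arg)
{
    return table[slot_unsigned(raw_id)](arg);
}

int main(void)
{
    uint32_t ids[] = { 1u, 3u, 0x80000000u, 0xFFFFFFF0u }; /* constructed */
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("id=0x%08x signed->slot %d, unsigned->slot %d\n",
               (unsigned)ids[i], (int)slot_signed(ids[i]),
               (int)slot_unsigned(ids[i]));
    return 0;
}
```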
4) Input validation error (CVE-ID: CVE-2020-10028)
The vulnerability allows a local authenticated user to execute arbitrary code.
Multiple syscalls with insufficient argument validation. See NCC-ZEP-006. This issue affects zephyrproject-rtos zephyr version 1.14.0 and later versions, and version 2.1.0 and later versions.
5) Input validation error (CVE-ID: CVE-2020-10058)
The vulnerability allows a local authenticated user to execute arbitrary code.
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006. This issue affects zephyrproject-rtos zephyr version 2.1.0 and later versions.
6) Integer overflow (CVE-ID: CVE-2020-10067)
The vulnerability allows a local authenticated user to execute arbitrary code.
A malicious userspace application can cause an integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005. This issue affects zephyrproject-rtos zephyr version 1.14.1 and later versions, and version 2.1.0 and later versions.
Remediation
Install update from vendor's website.
References
- https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023
- https://github.com/zephyrproject-rtos/zephyr/pull/23304
- https://github.com/zephyrproject-rtos/zephyr/pull/23646
- https://github.com/zephyrproject-rtos/zephyr/pull/23649
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29
- https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024
- https://github.com/zephyrproject-rtos/zephyr/pull/23323
- https://github.com/zephyrproject-rtos/zephyr/pull/23498
- https://github.com/zephyrproject-rtos/zephyr/pull/23535
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30
- https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027
- https://github.com/zephyrproject-rtos/zephyr/pull/23328
- https://github.com/zephyrproject-rtos/zephyr/pull/23499
- https://github.com/zephyrproject-rtos/zephyr/pull/23500
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35
- https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028
- https://github.com/zephyrproject-rtos/zephyr/pull/23308
- https://github.com/zephyrproject-rtos/zephyr/pull/23733
- https://github.com/zephyrproject-rtos/zephyr/pull/23737
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32
- https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058
- https://github.com/zephyrproject-rtos/zephyr/pull/23748
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34
- https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067
- https://github.com/zephyrproject-rtos/zephyr/pull/23239
- https://github.com/zephyrproject-rtos/zephyr/pull/23653
- https://github.com/zephyrproject-rtos/zephyr/pull/23654
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27