Multiple vulnerabilities in rutantan zephyr



Published: 2020-05-12 | Updated: 2020-08-08
Risk: Medium
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2020-10023, CVE-2020-10024, CVE-2020-10027, CVE-2020-10028, CVE-2020-10058, CVE-2020-10067
CWE-ID: CWE-120, CWE-697, CWE-20, CWE-190
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
zephyr
Other software / Other software solutions

Vendor rutantan

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU34391

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10023

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019. This issue affects zephyrproject-rtos zephyr version 1.14.0 and later versions, and version 2.1.0 and later versions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

zephyr: 1.14.1 - 2.1.0

External links

http://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10023
http://github.com/zephyrproject-rtos/zephyr/pull/23304
http://github.com/zephyrproject-rtos/zephyr/pull/23646
http://github.com/zephyrproject-rtos/zephyr/pull/23649
http://zephyrprojectsec.atlassian.net/browse/ZEPSEC-29


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect Comparison

EUVDB-ID: #VU34392

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10024

CWE-ID: CWE-697 - Incorrect Comparison

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The ARM platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects zephyrproject-rtos zephyr version 1.14.0 and later versions, and version 2.1.0 and later versions.
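The signed-comparison flaw described above, modelled as an added example (not Zephyr's code and not taken from this bulletin). The table size, handler names and error codes are constructed, and the weak dispatcher reports the out-of-range index instead of reading the table.

```c
#include <stdint.h>
#include <stdio.h>

#define SYSCALL_LIMIT    3     /* constructed table size, not Zephyr's value */
#define ERR_BAD_SYSCALL  (-1)  /* ID rejected by the range check */
#define ERR_OOB_ACCEPTED (-2)  /* check passed, but index is outside the table */

typedef int (*handler_t)(void);
static int sys_a(void) { return 100; }   /* hypothetical handlers */
static int sys_b(void) { return 101; }
static int sys_c(void) { return 102; }
static const handler_t table[SYSCALL_LIMIT] = { sys_a, sys_b, sys_c };

/* Weak check: signed compare. A negative ID satisfies "id < limit". */
int dispatch_signed(int32_t id)
{
    if (id >= SYSCALL_LIMIT)
        return ERR_BAD_SYSCALL;
    /* Model only: report the bad index instead of reading table[id]. */
    if (id < 0)
        return ERR_OOB_ACCEPTED;
    return table[id]();
}

/* Corrected check: unsigned compare, so 0xFFFFFFFF is far above the limit. */
int dispatch_unsigned(uint32_t id)
{
    if (id >= (uint32_t)SYSCALL_LIMIT)
        return ERR_BAD_SYSCALL;
    return table[id]();
}

int main(void)
{
    printf("signed   id=-1         -> %d\n", dispatch_signed(-1));
    printf("unsigned id=0xFFFFFFFF -> %d\n", dispatch_unsigned(0xFFFFFFFFu));
    printf("unsigned id=1          -> %d\n", dispatch_unsigned(1u));
    return 0;
}
```

The same 32-bit register value is `-1` when read as signed and `0xFFFFFFFF` when read as unsigned, which is why only the unsigned comparison rejects it.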

Mitigation

Install update from vendor's website.

Vulnerable software versions

zephyr: 1.14.2 - 2.1.0

External links

http://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024
http://github.com/zephyrproject-rtos/zephyr/pull/23323
http://github.com/zephyrproject-rtos/zephyr/pull/23498
http://github.com/zephyrproject-rtos/zephyr/pull/23535
http://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Incorrect Comparison

EUVDB-ID: #VU34393

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10027

CWE-ID: CWE-697 - Incorrect Comparison

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects zephyrproject-rtos zephyr version 1.14.0 and later versions, and version 2.1.0 and later versions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

zephyr: 1.14.0 - 2.1.0

External links

http://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10027
http://github.com/zephyrproject-rtos/zephyr/pull/23328
http://github.com/zephyrproject-rtos/zephyr/pull/23499
http://github.com/zephyrproject-rtos/zephyr/pull/23500
http://zephyrprojectsec.atlassian.net/browse/ZEPSEC-35


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU34394

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10028

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Multiple syscalls have insufficient argument validation. See NCC-ZEP-006. This issue affects zephyrproject-rtos zephyr version 1.14.0 and later versions, and version 2.1.0 and later versions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

zephyr: 1.14.0 - 2.1.0

External links

http://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10028
http://github.com/zephyrproject-rtos/zephyr/pull/23308
http://github.com/zephyrproject-rtos/zephyr/pull/23733
http://github.com/zephyrproject-rtos/zephyr/pull/23737
http://zephyrprojectsec.atlassian.net/browse/ZEPSEC-32


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU34395

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10058

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006. This issue affects zephyrproject-rtos zephyr version 2.1.0 and later versions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

zephyr: 2.1.0

External links

http://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10058
http://github.com/zephyrproject-rtos/zephyr/pull/23308
http://github.com/zephyrproject-rtos/zephyr/pull/23748
http://zephyrprojectsec.atlassian.net/browse/ZEPSEC-34


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU34398

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10067

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

A malicious userspace application can cause an integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005. This issue affects zephyrproject-rtos zephyr version 1.14.1 and later versions, and version 2.1.0 and later versions.
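How an integer overflow can defeat a handler's bounds check, as an added example (not Zephyr's code and not taken from this bulletin). The memory region, function names and inputs are constructed, and the array variant goes beyond the addition case to cover the multiplication form of the same mistake.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define USER_START 0x20000000u   /* constructed user-memory region */
#define USER_END   0x20010000u   /* exclusive upper bound */

/* Weak check: addr + size is computed modulo 2^32, so a very large size
 * wraps the end address back below USER_END and the check passes. */
bool range_ok_wrapping(uint32_t addr, uint32_t size)
{
    uint32_t end = addr + size;   /* may wrap */
    return addr >= USER_START && end <= USER_END;
}

/* Corrected check: never form addr + size; compare size with the room left. */
bool range_ok_checked(uint32_t addr, uint32_t size)
{
    if (addr < USER_START || addr > USER_END)
        return false;
    return size <= USER_END - addr;
}

/* Array variant: reject count * elem when the product would overflow. */
bool array_ok_checked(uint32_t addr, uint32_t count, uint32_t elem)
{
    if (elem != 0 && count > UINT32_MAX / elem)
        return false;
    return range_ok_checked(addr, count * elem);
}

int main(void)
{
    uint32_t addr = 0x20000100u, huge = 0xFFFFFF00u;  /* constructed inputs */
    printf("wrapping check, huge size: %d\n", range_ok_wrapping(addr, huge));
    printf("checked,        huge size: %d\n", range_ok_checked(addr, huge));
    printf("checked,        0x100:     %d\n", range_ok_checked(addr, 0x100u));
    printf("array 0x40000001 x 4:      %d\n", array_ok_checked(addr, 0x40000001u, 4u));
    return 0;
}
```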

Mitigation

Install update from vendor's website.

Vulnerable software versions

zephyr: 1.14.1 - 2.1.0

External links

http://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067
http://github.com/zephyrproject-rtos/zephyr/pull/23239
http://github.com/zephyrproject-rtos/zephyr/pull/23653
http://github.com/zephyrproject-rtos/zephyr/pull/23654
http://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


