Main Vulnerability Database SB2020100714

SB2020100714 - Multiple vulnerabilities in Microsoft Azure Sphere

Published: October 7, 2020

Security Bulletin ID SB2020100714

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Incorrect calculation (CVE-ID: N/A)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation issue in the Littlefs Quota functionality. A local user can cause a quota bypass and reboot, resulting in denial of service condition.

2) Use of uninitialized resource (CVE-ID: N/A)

The vulnerability allows a local attacker to bypass certain security restrictions.

The vulnerability exists due to usage of uninitialized resources in the Littlefs filesystem functionality. A local attacker can use a specially crafted set of syscalls, trigger uninitialized usage of resources and gain access to sensitive information on the system.

Remediation

Install update from vendor's website.

SB2020100714 - Multiple vulnerabilities in Microsoft Azure Sphere

Breakdown by Severity

Description

Remediation

References

Please verify you're human