Integer overflow in zephyr - CVE-2020-10067
Published: May 12, 2020 / Updated: August 8, 2020
Vulnerability identifier: #VU34398
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-10067
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: rutantan
Affected software:
zephyr
zephyr
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
How to mitigate CVE-2020-10067
Install update from vendor's website.
Sources
- https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067
- https://github.com/zephyrproject-rtos/zephyr/pull/23239
- https://github.com/zephyrproject-rtos/zephyr/pull/23653
- https://github.com/zephyrproject-rtos/zephyr/pull/23654
- https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27