Home > Vulnerability Database > CVE-2020-10067

Mend.io Vulnerability Database

CVE-2020-10067

Good to know:

Date: May 11, 2020

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

Language: C

Severity Score

7.5

Related Resources (7)

Url: https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067

Url: https://github.com/zephyrproject-rtos/zephyr/pull/23239

Url: https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-10067

Url: https://github.com/zephyrproject-rtos/zephyr/pull/23654

Url: https://github.com/zephyrproject-rtos/zephyr/pull/23653

Url: https://www.mend.io/vulnerability-database/CVE-2020-10067

Severity Score

7.5

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

Upgrade Version

Upgrade to version v1.14.2,v2.2.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-10067

Good to know:

Date: May 11, 2020

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?