CVE-2020-10067 : A malicious userspace application can cause a integer overflow and bypass securi

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.

Published 2020-05-11 23:15:12

Updated 2020-06-05 18:15:13

Source Zephyr Project

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Products affected by CVE-2020-10067

Zephyrproject » Zephyr » Version: 2.1.0
cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*
Matching versions
Zephyrproject » Zephyr » Version: 1.14.1
cpe:2.3:o:zephyrproject:zephyr:1.14.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-10067

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-10067

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.5	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H	0.8	6.0	Zephyr Project
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-10067

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Assigned by:
- nvd@nist.gov (Primary)
- vulnerabilities@zephyrproject.org (Secondary)

References for CVE-2020-10067

https://github.com/zephyrproject-rtos/zephyr/pull/23653

Backport v1.14: syscalls: arm: Fix possible overflow in is_in_region function by ceolin · Pull Request #23653 · zephyrproject-rtos/zephyr · GitHub
Patch;Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/23654

Backport v2.1: syscalls: arm: Fix possible overflow in is_in_region function by ceolin · Pull Request #23654 · zephyrproject-rtos/zephyr · GitHub
Patch;Third Party Advisory
https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-27

[ZEPSEC-27] Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory - Zephyr Project Security Issues
Third Party Advisory
https://github.com/zephyrproject-rtos/zephyr/pull/23239

syscalls: arm: Fix possible overflow in is_in_region function by ceolin · Pull Request #23239 · zephyrproject-rtos/zephyr · GitHub
Patch;Third Party Advisory
https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10067

Vulnerabilities — Zephyr Project Documentation

Jump to

Vulnerability Details : CVE-2020-10067

Products affected by CVE-2020-10067

Exploit prediction scoring system (EPSS) score for CVE-2020-10067

CVSS scores for CVE-2020-10067

CWE ids for CVE-2020-10067

References for CVE-2020-10067