First published: Fri May 01 2020(Updated: )
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
Credit: vulnerabilities@zephyrproject.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zephyr Project Manager | =1.14.1 | |
Zephyr Project Manager | =2.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-10023 is classified as high due to the potential for denial of service and possible code execution.
To fix CVE-2020-10023, update to a patched version of Zephyr that resolves the buffer overflow vulnerability.
CVE-2020-10023 affects Zephyr versions 1.14.1 and 2.1.0.
CVE-2020-10023 is a buffer overflow vulnerability in the shell subsystem of the Zephyr kernel.
If CVE-2020-10023 is exploited, it can lead to memory corruption, resulting in system instability or unauthorized code execution.