CVE-2020-10058: Multiple Syscalls In kscan Subsystem Performs No Argument Validation
First published: Mon May 11 2020(Updated: )
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
Credit: vulnerabilities@zephyrproject.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zephyr Project Manager | =2.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10058?
CVE-2020-10058 is classified with high severity due to insufficient argument validation in the Kscan subsystem that can lead to elevated privileges.
How do I fix CVE-2020-10058?
To fix CVE-2020-10058, update to a patched version of Zephyr that addresses the insufficient argument validation vulnerability.
Which versions of Zephyr are affected by CVE-2020-10058?
CVE-2020-10058 affects Zephyr version 2.1.0 and later versions.
What can exploit CVE-2020-10058?
CVE-2020-10058 allows code executing in userspace to exploit the vulnerability due to insufficient validation of arguments.
Is there a workaround for CVE-2020-10058?
Currently, the best mitigation for CVE-2020-10058 is to upgrade to a fixed version of the software.
- agent/type
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zephyrproject
- canonical/zephyr project manager
- version/zephyr project manager/2.1.0