Severity: 7.8 | CWE-190

CVE-2020-10067: Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory

First published: Fri May 01 2020

A malicious userspace application can cause an integer overflow and bypass security checks performed by system call handlers. The impact depends on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005. This issue affects zephyrproject-rtos zephyr version 1.14.1 and later versions, and version 2.1.0 and later versions.
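An added illustration of the bug class described above (CWE-190 in a region bounds check), contrasting a check whose `start + size` can wrap with one that cannot. It is not Zephyr's `is_in_region` code; the struct, function names and addresses are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical memory region a user thread may access (constructed). */
struct region { uint32_t base; uint32_t size; };

/* Flawed check: start + size is computed in 32 bits and can wrap past zero,
 * so a huge size yields a small "end" that appears to fit in the region. */
static bool in_region_wrapping(const struct region *r, uint32_t start, uint32_t size)
{
    uint32_t end = start + size;              /* may overflow (CWE-190) */
    return start >= r->base && end <= r->base + r->size;
}

/* Hardened check: never add caller-controlled values; compare the offset
 * against the room left in the region, so no intermediate value can wrap. */
static bool in_region_checked(const struct region *r, uint32_t start, uint32_t size)
{
    if (start < r->base)
        return false;
    uint32_t offset = start - r->base;        /* safe: start >= base */
    if (offset > r->size)
        return false;
    return size <= r->size - offset;          /* safe: offset <= r->size */
}

int main(void)
{
    const struct region user = { 0x20000000u, 0x1000u };   /* constructed */
    /* Constructed syscall arguments: a valid buffer, then a wrapping length. */
    const uint32_t args[][2] = {
        { 0x20000100u, 0x00000040u },
        { 0x20000100u, 0xFFFFFFF0u },
    };
    for (size_t i = 0; i < 2; i++)
        printf("start=0x%08x size=0x%08x wrapping=%d checked=%d\n",
               (unsigned)args[i][0], (unsigned)args[i][1],
               in_region_wrapping(&user, args[i][0], args[i][1]),
               in_region_checked(&user, args[i][0], args[i][1]));
    return 0;
}
```

The same comparison-by-subtraction pattern applies to any system call handler that validates a user-supplied pointer and length pair before touching the buffer.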

Credit: vulnerabilities@zephyrproject.org

Affected Software | Affected Version | How to fix
Zephyr Project Manager | =1.14.1 |
Zephyr Project Manager | =2.1.0 |


Frequently Asked Questions

  • What is the severity of CVE-2020-10067?

    CVE-2020-10067 is considered a high-severity vulnerability due to potential impacts such as denial of service, information leaks, and memory corruption.

  • How do I fix CVE-2020-10067?

    To mitigate CVE-2020-10067, update your Zephyr Project software to versions 1.14.2 or later and 2.1.1 or later.

  • What systems are affected by CVE-2020-10067?

    CVE-2020-10067 affects Zephyr Project versions 1.14.1 and 2.1.0.

  • What are the consequences of CVE-2020-10067 exploitation?

    Exploitation of CVE-2020-10067 can lead to denial of service, potential information leakage, and memory corruption that may allow arbitrary code execution.

  • Who should be concerned about CVE-2020-10067?

    Developers and organizations using the affected versions of the Zephyr Project should be concerned about CVE-2020-10067.
