CVE-2020-10024

Summary

The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

Affected Software

VendorProductVersion RangeStatus
zephyrproject-rtoszephyr1.14.0 < unspecifiedaffected
zephyrproject-rtoszephyr2.1.0 < unspecifiedaffected

Weaknesses

  • CWE-697: CWE-697 Incorrect Comparison

ADP Enrichment

CVE Program Container

Additional References

References