CVE-2020-10024 (GCVE-0-2020-10024)
Vulnerability from cvelistv5
Published
2020-05-11 22:26
Modified
2024-09-17 01:56
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
Summary
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
References
Impacted products
Vendor Product Version
zephyrproject-rtos zephyr Version: 1.14.0   < unspecified
Version: 2.1.0   < unspecified
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:50:57.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "zephyr",
          "vendor": "zephyrproject-rtos",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "1.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "NCC Group for report"
        }
      ],
      "datePublic": "2020-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-697",
              "description": "CWE-697 Incorrect Comparison",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-05T17:37:36",
        "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
        "shortName": "zephyr"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
        }
      ],
      "source": {
        "defect": [
          "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerabilities@zephyrproject.org",
          "DATE_PUBLIC": "2020-05-01T00:00:00.000Z",
          "ID": "CVE-2020-10024",
          "STATE": "PUBLIC",
          "TITLE": "ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "zephyr",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "1.14.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "zephyrproject-rtos"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "NCC Group for report"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-697 Incorrect Comparison"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30",
              "refsource": "MISC",
              "url": "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
            },
            {
              "name": "https://github.com/zephyrproject-rtos/zephyr/pull/23323",
              "refsource": "MISC",
              "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23323"
            },
            {
              "name": "https://github.com/zephyrproject-rtos/zephyr/pull/23535",
              "refsource": "MISC",
              "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23535"
            },
            {
              "name": "https://github.com/zephyrproject-rtos/zephyr/pull/23498",
              "refsource": "MISC",
              "url": "https://github.com/zephyrproject-rtos/zephyr/pull/23498"
            },
            {
              "name": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024",
              "refsource": "MISC",
              "url": "https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024"
            }
          ]
        },
        "source": {
          "defect": [
            "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad",
    "assignerShortName": "zephyr",
    "cveId": "CVE-2020-10024",
    "datePublished": "2020-05-11T22:26:13.572574Z",
    "dateReserved": "2020-03-03T00:00:00",
    "dateUpdated": "2024-09-17T01:56:05.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-10024\",\"sourceIdentifier\":\"vulnerabilities@zephyrproject.org\",\"published\":\"2020-05-11T23:15:11.583\",\"lastModified\":\"2024-11-21T04:54:40.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.\"},{\"lang\":\"es\",\"value\":\"El c\u00f3digo arm espec\u00edfico de la plataforma utiliza una comparaci\u00f3n de enteros con signo cuando se comprueban los n\u00fameros de llamada del sistema. Un atacante que ha obtenido una ejecuci\u00f3n de c\u00f3digo dentro de un subproceso (hilo) de usuario es capaz de elevar los privilegios a los del kernel. Consulte NCC-ZEP-001. Este problema afecta a: zephyrproject-rtos zephyr versi\u00f3n 1.14.0 y versiones posteriores. Versi\u00f3n 2.1.0 y versiones posteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vulnerabilities@zephyrproject.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.1,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"vulnerabilities@zephyrproject.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-697\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-697\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zephyrproject:zephyr:1.14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B74694FC-5442-4F7E-AACF-0E1753F50148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zephyrproject:zephyr:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF33DD80-0286-477C-88A4-FCEC0D80F520\"}]}]}],\"references\":[{\"url\":\"https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024\",\"source\":\"vulnerabilities@zephyrproject.org\"},{\"url\":\"https://github.com/zephyrproject-rtos/zephyr/pull/23323\",\"source\":\"vulnerabilities@zephyrproject.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zephyrproject-rtos/zephyr/pull/23498\",\"source\":\"vulnerabilities@zephyrproject.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zephyrproject-rtos/zephyr/pull/23535\",\"source\":\"vulnerabilities@zephyrproject.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30\",\"source\":\"vulnerabilities@zephyrproject.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/zephyrproject-rtos/zephyr/pull/23323\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zephyrproject-rtos/zephyr/pull/23498\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/zephyrproject-rtos/zephyr/pull/23535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.