Zephyrproject: Zephyr 2.1.0 Security Vulnerabilities
Multiple syscalls with insufficient argument validation. See NCC-ZEP-006. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions; version 2.1.0 and later versions.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2020-05-11
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2020-05-11
The UpdateHub module disables DTLS peer checking, which allows for a man-in-the-middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
CVSS Score: 4.8
EPSS Score: 0.004
Published: 2020-05-11

