Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities in Zephyr RTOS

Related Vulnerabilities: CVE-2023-4265   CVE-2023-4261   CVE-2023-3725   CVE-2023-4257   CVE-2023-4259   CVE-2023-4260   CVE-2023-4262   CVE-2023-4263   CVE-2023-4264   CVE-2023-5139   CVE-2023-5184   CVE-2023-5753  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="0"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#1">By Date</a>
<a href="2"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="0"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#1">By Thread</a>
<a href="2"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities in Zephyr RTOS</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Marco Ivaldi &lt;marco.ivaldi () gmail com&gt;


<em>Date</em>: Sat, 11 Nov 2023 16:29:45 +0100


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">Hi all,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the Zephyr real-time operating
system.

* Title: Multiple vulnerabilities in Zephyr RTOS
* OS: Zephyr &lt;= 3.4.0, except for:
  * CVE-2023-4265 that affects Zephyr &lt;= 3.3.0
  * CVE-2023-4261 that affects Zephyr &lt;= 3.5.0
* Author: Marco Ivaldi &lt;marco.ivaldi () hnsecurity it&gt;
* Date: 2023-11-07
* CVE IDs and severity:
  * CVE-2023-3725 - High - 7.6
  * CVE-2023-4257 - Moderate - 6.8
  * CVE-2023-4259 - High - 7.1
  * CVE-2023-4260 - Moderate - 6.3
  * CVE-2023-4261 - (unreleased)
  * CVE-2023-4262 - Moderate - 5.1
  * CVE-2023-4263 - High - 7.6
  * CVE-2023-4264 - High - 7.1
  * CVE-2023-4265 - Moderate - 6.4
  * CVE-2023-5139 - Moderate - 4.4
  * CVE-2023-5184 - High - 7.0
  * CVE-2023-5753 - Moderate - 6.3
* Vendor URL: <a rel="nofollow" href="https://www.zephyrproject.org/">https://www.zephyrproject.org/</a>
* Advisory URLs:
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5954-jcv4-7rvm">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5954-jcv4-7rvm</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-56p9-5p3v-hhrc">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-56p9-5p3v-hhrc</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g</a>
  * <a rel="nofollow" href="https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww">https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww</a>

For additional information, please refer to our vulnerability writeup:
<a rel="nofollow" href="https://security.humanativaspa.it/ost2-zephyr-rtos-and-a-bunch-of-cves">https://security.humanativaspa.it/ost2-zephyr-rtos-and-a-bunch-of-cves</a>

Regards,

-- 
Marco Ivaldi
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."
</pre><p><strong>Attachment:
<a href="att-1/HNS-2023-03-zephyr.txt"><tt>HNS-2023-03-zephyr.txt</tt></a></strong>

<em>Description:</em> </p>
<pre style="margin: 0em;">_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="https://seclists.org/fulldisclosure/">https://seclists.org/fulldisclosure/</a></pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="0"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#1">By Date</a>
<a href="2"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="0"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#1">By Thread</a>
<a href="2"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities in Zephyr RTOS</strong> <em>Marco Ivaldi (Nov 12)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started