4.6
CVSSv2

CVE-2020-10023

Published: 11/05/2020 Updated: 05/06/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zephyrproject zephyr 1.14.1

zephyrproject zephyr 2.1.0

Github Repositories

CVE-Reproduction 五个attack_*文件夹中是分别为五个CVE的复现定制的application,对应关系如下: attack_usbmass > CVE-2020-10021 attack_coap > CVE-2020-10063 attack_shell > CVE-2020-10023 attack_syscall > CVE-2020-10024 attack_gpio > CVE-2020-10028 scripts/文件夹下是对usb mass storage应用的攻击脚本