CVE-2020-10024

Published: 11/05/2020 Updated: 05/06/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The ARM platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects zephyrproject-rtos zephyr version 1.14.0 and later versions, and version 2.1.0 and later versions.
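The signed-versus-unsigned check described in the summary, as an added C model that is not Zephyr's own code. It assumes a dispatcher that indexes a handler table by system call number; every name in it (`SYSCALL_LIMIT`, `syscall_table`, `dispatch`, the handlers) is hypothetical, and the hostile id is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; this models the bug class, not Zephyr's source. */
#define SYSCALL_LIMIT 3
typedef int (*syscall_handler_t)(int arg);

static int sys_get_ticks(int arg) { (void)arg; return 100; }
static int sys_add_one(int arg)   { return arg + 1; }
static int sys_negate(int arg)    { return -arg; }
static int sys_bad(int arg)       { (void)arg; return -1; } /* rejected call */

static const syscall_handler_t syscall_table[SYSCALL_LIMIT] = {
    sys_get_ticks, sys_add_one, sys_negate,
};

/* Flawed validation: a signed compare enforces only the upper bound, so
 * every negative id supplied from user mode is treated as in range. */
int id_accepted_signed(int32_t id) { return id < SYSCALL_LIMIT; }

/* Corrected validation: viewed as unsigned, a negative id is a huge
 * value and fails the same single comparison. */
int id_accepted_unsigned(uint32_t id) { return id < (uint32_t)SYSCALL_LIMIT; }

/* Byte offset from the table base at which the flawed check would let the
 * kernel fetch a handler pointer (computed only, never dereferenced). */
long long offset_if_accepted(int32_t id)
{
    return (long long)id * (long long)sizeof(syscall_handler_t);
}

/* Hardened dispatcher: the id is unsigned from entry onward. */
int dispatch(uint32_t id, int arg)
{
    if (!id_accepted_unsigned(id))
        return sys_bad(arg);
    return syscall_table[id](arg);
}

int main(void)
{
    int32_t hostile = -4; /* constructed user-supplied id */
    printf("signed check: %d, offset %lld bytes\n",
           id_accepted_signed(hostile), offset_if_accepted(hostile));
    printf("unsigned check: %d, dispatch result: %d\n",
           id_accepted_unsigned((uint32_t)hostile), dispatch((uint32_t)hostile, 0));
    return 0;
}
```

When reviewing similar dispatch code, check both the declared type of the call number and the comparison actually emitted by the compiler or written in assembly, since either one can make the bound check signed.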

Vulnerable Product

zephyrproject zephyr 1.14.2

zephyrproject zephyr 2.1.0

Github Repositories

CVE-Reproduction: The five attack_* folders contain applications customized for reproducing five CVEs, with the following mapping:
attack_usbmass > CVE-2020-10021
attack_coap > CVE-2020-10063
attack_shell > CVE-2020-10023
attack_syscall > CVE-2020-10024
attack_gpio > CVE-2020-10028
The scripts/ folder contains the attack scripts for the usb mass storage application.