PT-2018-9526 · Linux Foundation · Zephyr RTOS

Stuartlyo · Published 2018-09-06 · Updated 2020-05-13 · CVE-2018-1000800

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

zephyr-rtos version 1.12.0

Description

The issue is related to a NULL base pointer reference in the sys_ring_buf_put() and sys_ring_buf_get() functions, which can cause a CPU Page Fault with error code 0x00000010. This can be exploited through a malicious application calling the vulnerable kernel APIs, specifically sys_ring_buf_get() and sys_ring_buf_put().

Recommendations

For zephyr-rtos version 1.12.0, consider restricting access to the sys_ring_buf_get() and sys_ring_buf_put() functions until a patch is available. As a temporary workaround, avoid using these functions in applications to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2018-1000800

Affected Products

Zephyr RTOS