PT-2025-23502 · Nekernal · Nekernal
0Xf00Sec · Published 2025-06-02 · Updated 2025-06-02 · CVE-2025-48990
CVSS v4.0: 8.6 (High)
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
NeKernal version 0.0.2
Description
NeKernal is a free and open-source operating system stack. It has a 1-byte heap overflow in the rt_copy_memory function, which unconditionally writes a null terminator at dst[len]. When len equals the size of the destination buffer, the extra write overruns the buffer by one byte. The issue was fixed in a commit that neither adds bounds checks nor alters the function signature.
Recommendations
For NeKernal version 0.0.2, consider applying the patch from commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee to remove the overflow-causing line in the rt_copy_memory function. As a temporary workaround, consider restricting the use of the rt_copy_memory function until the patch is applied.
Exploit
Fix
Heap Based Buffer Overflow
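The off-by-one write from the Description, modelled in C as an added example (not NeKernal's code): the function names, DST_SIZE and the guard byte are hypothetical, and the guard byte sits inside the same array so the stray write is observable without undefined behaviour. copy_checked shows the caller-side length check that the fix, as described, leaves to callers.

```c
#include <stddef.h>
#include <string.h>

#define DST_SIZE 16     /* constructed size, not taken from the project */
#define GUARD    0xAA   /* constructed marker byte placed after the buffer */

/* Models the pre-fix behaviour the advisory describes: copy len bytes,
   then unconditionally write a terminator at dst[len]. */
static void copy_then_terminate(const void *src, void *dst, size_t len) {
    unsigned char *d = dst;
    memcpy(d, src, len);
    d[len] = '\0';      /* one past the end when len == size of dst */
}

/* Models the fix as described: same signature, terminator write removed. */
static void copy_only(const void *src, void *dst, size_t len) {
    memcpy(dst, src, len);
}

/* Caller-side guard: the fix adds no bounds check, so the caller must
   still prove that len fits. Returns 0 on success, -1 if len is too large. */
static int copy_checked(const void *src, void *dst, size_t dst_size, size_t len) {
    if (len > dst_size) return -1;
    copy_only(src, dst, len);
    return 0;
}

/* Copies exactly DST_SIZE bytes into a DST_SIZE-byte region that is followed
   by a guard byte in the same array. Returns 1 if the guard byte survived,
   0 if the copy routine overwrote it. */
static int guard_survives(void (*copy)(const void *, void *, size_t)) {
    unsigned char src[DST_SIZE];
    unsigned char arena[DST_SIZE + 1];  /* [0..DST_SIZE-1] = dst, last = guard */
    memset(src, 'A', sizeof src);
    arena[DST_SIZE] = GUARD;
    copy(src, arena, DST_SIZE);
    return arena[DST_SIZE] == GUARD;
}

int main(void) {
    unsigned char src[DST_SIZE + 1] = {0}, dst[DST_SIZE];
    int ok = guard_survives(copy_then_terminate) == 0  /* guard overwritten */
          && guard_survives(copy_only) == 1            /* guard intact */
          && copy_checked(src, dst, sizeof dst, DST_SIZE + 1) == -1;
    return ok ? 0 : 1;
}
```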
Weakness Enumeration
Related Identifiers
Affected Products
Nekernal