Flavio Ceolin

**Name of the Vulnerable Software and Affected Versions** zephyrproject-rtos zephyr versions 2.2.0 and later **Description** A remote adversary can cause a denial of service by sending arbitrary CoAP packets to be parsed by the affected software. **Recommendations** For versions 2.2.0 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zephyr versions 1.14.0 through 2.1.0 and later versions, but for clarity, this can be simplified to: zephyr versions 1.14.0 and later versions **Description** The issue is related to a buffer overflow in the shell subsystem. This can lead to memory corruption, resulting in denial of service or possibly code execution within the kernel. An adversary would need physical access to the device to exploit this issue. **Recommendations** For zephyr versions 1.14.0 and later versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zephyr versions 1.14.0 and later zephyr versions 2.1.0 and later **Description** The issue is related to multiple syscalls with insufficient argument validation. This problem affects the zephyrproject-rtos. **Recommendations** For zephyr version 1.14.0 and later, update to a version that includes the fix for this issue. For zephyr version 2.1.0 and later, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zephyr versions 1.14.1 through 2.1.0 and later versions. **Description** A malicious userspace application can cause an integer overflow, bypassing security checks performed by system call handlers. The impact can range from denial of service to information leak to memory corruption, potentially resulting in code execution within the kernel. **Recommendations** For zephyr versions 1.14.1 through 2.1.0 and later versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.