PT-2018-9526 · Linux Foundation · Zephyr Rtos

Stuartlyo · Published 2018-09-06 · Updated 2020-05-13 · CVE-2018-1000800

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: zephyr-rtos version 1.12.0

Description: The issue is related to a NULL base pointer reference in the sys_ring_buf_put() and sys_ring_buf_get() functions, which can cause a CPU Page Fault with error code 0x00000010. This can be exploited through a malicious application calling the vulnerable kernel APIs, specifically sys_ring_buf_get() and sys_ring_buf_put().

Recommendations: For zephyr-rtos version 1.12.0, consider restricting access to the sys_ring_buf_get() and sys_ring_buf_put() functions until a patch is available. As a temporary workaround, avoid using these functions in applications to minimize the risk of exploitation.
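Added example, not taken from this advisory or from Zephyr's source: a simplified C model of the validation that keeps ring buffer put/get calls from dereferencing a NULL base pointer when the descriptor comes from an untrusted caller. The struct layout and every demo_* name are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified ring buffer descriptor (hypothetical layout, not Zephyr's). */
struct demo_ring_buf {
    uint32_t head;   /* next slot to read */
    uint32_t tail;   /* next slot to write */
    uint32_t size;   /* capacity in 32-bit words */
    uint32_t *base;  /* backing storage; NULL if never initialised */
};

/* Reject descriptors that would make put/get touch NULL or index out of range. */
static int demo_ring_buf_check(const struct demo_ring_buf *rb)
{
    if (rb == NULL || rb->base == NULL || rb->size < 2) {
        return -EINVAL;
    }
    return (rb->head < rb->size && rb->tail < rb->size) ? 0 : -EINVAL;
}

int demo_ring_buf_put(struct demo_ring_buf *rb, uint32_t value)
{
    int rc = demo_ring_buf_check(rb);
    if (rc != 0) {
        return rc;              /* fail closed before any memory access */
    }
    uint32_t next = (rb->tail + 1U) % rb->size;
    if (next == rb->head) {
        return -ENOSPC;         /* full: one slot is always kept empty */
    }
    rb->base[rb->tail] = value;
    rb->tail = next;
    return 0;
}

int demo_ring_buf_get(struct demo_ring_buf *rb, uint32_t *value)
{
    int rc = demo_ring_buf_check(rb);
    if (rc != 0 || value == NULL) {
        return rc != 0 ? rc : -EINVAL;
    }
    if (rb->head == rb->tail) {
        return -EAGAIN;         /* empty */
    }
    *value = rb->base[rb->head];
    rb->head = (rb->head + 1U) % rb->size;
    return 0;
}
```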

Exploit

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

CVE-2018-1000800

Affected Products

Zephyr Rtos