Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple Syscalls In GPIO Subsystem Performs No Argument Validation
Vulnerability Description
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Zephyr 输入验证错误漏洞
Vulnerability Description
Zephyr是美国Linux基金会的一套开源的小型的可缩放的实时操作系统。 Zephyr 1.14.0及之后版本(1.14.2版本已修复)和2.1.0及之后版本(2.2.0版本已修复)中的GPIO子系统存在输入验证错误漏洞,该漏洞源于在进行多个系统调用时,程序没有执行参数验证。攻击者可借助特制请求利用该漏洞执行任意代码以获取提升的权限。
CVSS Information
N/A
Vulnerability Type
N/A