Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple Syscalls In kscan Subsystem Performs No Argument Validation
Vulnerability Description
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Zephyr 输入验证错误漏洞
Vulnerability Description
Zephyr是美国Linux基金会的一套开源的小型的可缩放的实时操作系统。 Zephyr 2.1.0及之后版本(2.2.0版本已修复)中的Kscan子系统存在输入验证错误漏洞,该漏洞源于在进行多个系统调用时,程序没有执行充分的参数验证。攻击者可利用该漏洞提升权限。
CVSS Information
N/A
Vulnerability Type
N/A