Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y
Vulnerability Description
When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
特权上下文切换错误
Vulnerability Title
Zephyr 安全漏洞
Vulnerability Description
Zephyr是Zephyr开源的一个可扩展的实时操作系统 (RTOS)。 Zephyr 3.7.0版本及之前版本存在安全漏洞,该漏洞源于当启用全局指针 (GP) 相对寻址 (CONFIG_RISCV_GP=y) 时,gp reg 指向 .sdata 部分开始处的 0x800 字节,然后链接器使用该字节来放宽对全局符号的访问。
CVSS Information
N/A
Vulnerability Type
N/A