HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities in Zephyr RTOS
2023-11-13 00:21:22 Author: seclists.org

Full Disclosure mailing list archives


From: Marco Ivaldi <marco.ivaldi () gmail com>
Date: Sat, 11 Nov 2023 16:29:45 +0100

Hi all,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the Zephyr real-time operating
system.

* Title: Multiple vulnerabilities in Zephyr RTOS
* OS: Zephyr <= 3.4.0, except for:
  * CVE-2023-4265 that affects Zephyr <= 3.3.0
  * CVE-2023-4261 that affects Zephyr <= 3.5.0
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2023-11-07
* CVE IDs and severity:
  * CVE-2023-3725 - High - 7.6
  * CVE-2023-4257 - Moderate - 6.8
  * CVE-2023-4259 - High - 7.1
  * CVE-2023-4260 - Moderate - 6.3
  * CVE-2023-4261 - (unreleased)
  * CVE-2023-4262 - Moderate - 5.1
  * CVE-2023-4263 - High - 7.6
  * CVE-2023-4264 - High - 7.1
  * CVE-2023-4265 - Moderate - 6.4
  * CVE-2023-5139 - Moderate - 4.4
  * CVE-2023-5184 - High - 7.0
  * CVE-2023-5753 - Moderate - 6.3
* Vendor URL: https://www.zephyrproject.org/
* Advisory URLs:
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5954-jcv4-7rvm
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-56p9-5p3v-hhrc
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww

For additional information, please refer to our vulnerability writeup:
https://security.humanativaspa.it/ost2-zephyr-rtos-and-a-bunch-of-cves

Regards,

-- 
Marco Ivaldi
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."

Attachment: HNS-2023-03-zephyr.txt

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Source: https://seclists.org/fulldisclosure/2023/Nov/1