Insufficient Argument Validation in Kscan Subsystem Allows Privilege Escalation

Insufficient Argument Validation in Kscan Subsystem Allows Privilege Escalation

CVE-2020-10058 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.

Learn more about our User Device Pen Test.