lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 11 Nov 2023 16:29:45 +0100
From: Marco Ivaldi <marco.ivaldi@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities
 in Zephyr RTOS

Hi all,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the Zephyr real-time operating
system.

* Title: Multiple vulnerabilities in Zephyr RTOS
* OS: Zephyr <= 3.4.0, except for:
  * CVE-2023-4265 that affects Zephyr <= 3.3.0
  * CVE-2023-4261 that affects Zephyr <= 3.5.0
* Author: Marco Ivaldi <marco.ivaldi@...ecurity.it>
* Date: 2023-11-07
* CVE IDs and severity:
  * CVE-2023-3725 - High - 7.6
  * CVE-2023-4257 - Moderate - 6.8
  * CVE-2023-4259 - High - 7.1
  * CVE-2023-4260 - Moderate - 6.3
  * CVE-2023-4261 - (unreleased)
  * CVE-2023-4262 - Moderate - 5.1
  * CVE-2023-4263 - High - 7.6
  * CVE-2023-4264 - High - 7.1
  * CVE-2023-4265 - Moderate - 6.4
  * CVE-2023-5139 - Moderate - 4.4
  * CVE-2023-5184 - High - 7.0
  * CVE-2023-5753 - Moderate - 6.3
* Vendor URL: https://www.zephyrproject.org/
* Advisory URLs:
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5954-jcv4-7rvm
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-56p9-5p3v-hhrc
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww

For additional information, please refer to our vulnerability writeup:
https://security.humanativaspa.it/ost2-zephyr-rtos-and-a-bunch-of-cves

Regards,

-- 
Marco Ivaldi
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."

View attachment "HNS-2023-03-zephyr.txt" of type "text/plain" (34217 bytes)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ