Message-ID: <CAM+3YVrWaBdcadukQ0kbCONy7M-LtFDQR=CGMXsYix+QHax9Dg@mail.gmail.com>
Date: Sat, 11 Nov 2023 16:29:45 +0100
From: Marco Ivaldi <marco.ivaldi@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities in Zephyr RTOS

Hi all,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the Zephyr real-time operating
system.

* Title: Multiple vulnerabilities in Zephyr RTOS
* OS: Zephyr <= 3.4.0, except for:
  * CVE-2023-4265 that affects Zephyr <= 3.3.0
  * CVE-2023-4261 that affects Zephyr <= 3.5.0
* Author: Marco Ivaldi <marco.ivaldi@...ecurity.it>
* Date: 2023-11-07
* CVE IDs and severity:
  * CVE-2023-3725 - High - 7.6
  * CVE-2023-4257 - Moderate - 6.8
  * CVE-2023-4259 - High - 7.1
  * CVE-2023-4260 - Moderate - 6.3
  * CVE-2023-4261 - (unreleased)
  * CVE-2023-4262 - Moderate - 5.1
  * CVE-2023-4263 - High - 7.6
  * CVE-2023-4264 - High - 7.1
  * CVE-2023-4265 - Moderate - 6.4
  * CVE-2023-5139 - Moderate - 4.4
  * CVE-2023-5184 - High - 7.0
  * CVE-2023-5753 - Moderate - 6.3
* Vendor URL: https://www.zephyrproject.org/
* Advisory URLs:
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gghm-c696-f4j4
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-gj27-862r-55wh
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5954-jcv4-7rvm
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-56p9-5p3v-hhrc
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rgx6-3w4j-gf5j
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vgv-5r6q-r6xh
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8x3p-q3r5-xh9g
  * https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hmpr-px56-rvww

For additional information, please refer to our vulnerability writeup:
https://security.humanativaspa.it/ost2-zephyr-rtos-and-a-bunch-of-cves

Regards,

-- 
Marco Ivaldi
"When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl."

View attachment "HNS-2023-03-zephyr.txt" of type "text/plain" (34217 bytes)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
