Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver
CVE-2023-5184

7HIGH

Key Information:

Status
Vendor
CVE Published:
27 September 2023

What is CVE-2023-5184?

The Zephyr IPM drivers are susceptible to two distinct conversion errors, where signed integers are improperly handled as unsigned integers, alongside a buffer overflow vulnerability. These issues can potentially lead to unauthorized memory access, affecting the integrity and stability of systems utilizing the Zephyr RTOS, particularly version 3.x.0. Proper safeguarding measures should be implemented to mitigate these vulnerabilities.

Affected Version(s)

Zephyr * <= 3.4

References

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.