Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver
CVE-2023-5184

8.8HIGH

Key Information:

Vendor: Zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 27 September 2023

🔔 Create Zephyrproject-rtos Vulnerability Alert

What is CVE-2023-5184?

The Zephyr IPM drivers are susceptible to two distinct conversion errors, where signed integers are improperly handled as unsigned integers, alongside a buffer overflow vulnerability. These issues can potentially lead to unauthorized memory access, affecting the integrity and stability of systems utilizing the Zephyr RTOS, particularly version 3.x.0. Proper safeguarding measures should be implemented to mitigate these vulnerabilities.

Affected Version(s)

Zephyr * <= 3.4

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

http://www.openwall.com/lists/oss-security/2023/11/07/1

http://seclists.org/fulldisclosure/2023/Nov/1

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 25, 2023