Potential signed to unsigned conversion errors and buffer overflow vulnerabilities in the Zephyr IPM driver
CVE-2023-5184

7HIGH

Key Information:

Vendor

Zephyrproject-rtos

Status
Zephyr
Vendor
CVE Published:
27 September 2023

What is CVE-2023-5184?

The Zephyr IPM drivers are susceptible to two distinct conversion errors, where signed integers are improperly handled as unsigned integers, alongside a buffer overflow vulnerability. These issues can potentially lead to unauthorized memory access, affecting the integrity and stability of systems utilizing the Zephyr RTOS, particularly version 3.x.0. Proper safeguarding measures should be implemented to mitigate these vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Zephyr * <= 3.4

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...
http://www.openwall.com/lists/oss-security/2023/11/07/1
http://seclists.org/fulldisclosure/2023/Nov/1

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.