fs: fuse: buffer overflow vulnerability in the Zephyr FS
CVE-2023-6881

9.8CRITICAL

Key Information:

Vendor: zephyrproject-rtos
Status: Zephyr
Vendor: CVE Published:; 29 February 2024

🔔 Create zephyrproject-rtos Vulnerability Alert

What is CVE-2023-6881?

A buffer overflow vulnerability exists in the Zephyr Project Real-Time Operating System (RTOS) specifically within the function is_mount_point. This issue may allow an attacker to potentially exploit the overflow, leading to unexpected behavior in affected systems. The vulnerability has implications for the security of devices utilizing the RTOS, emphasizing the necessity for users and developers to apply the relevant security patches as advised in official documentation.

Affected Version(s)

Zephyr * <= 3.5

References

https://github.com/zephyrproject-rtos/zephyr/security/adv...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Dec 15, 2023