ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers

Description

The ARM platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to those of the kernel.

See NCC-ZEP-001
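
The signed-versus-unsigned bounds check described above, modelled in C as an added example (not Zephyr's code and not part of the original issue). The table size, handler names, error value and sample register values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not Zephyr source: a table of SYSCALL_LIMIT handlers
 * indexed by a caller-supplied number taken from a 32-bit register. */
#define SYSCALL_LIMIT 4
#define ERR_BAD_SYSCALL (-1)

typedef int (*handler_t)(void);
static int h0(void) { return 100; }
static int h1(void) { return 101; }
static int h2(void) { return 102; }
static int h3(void) { return 103; }
static const handler_t table[SYSCALL_LIMIT] = { h0, h1, h2, h3 };

/* Flawed check: signed comparison. A register value such as 0xFFFFFFF0
 * is read as -16, which is "less than" the limit and is accepted. */
static int accepts_signed(uint32_t reg)
{
    int32_t id = (int32_t)reg;
    return id < SYSCALL_LIMIT;
}

/* Corrected check: unsigned comparison. The same bit pattern is
 * 4294967280, which is above the limit and is rejected. */
static int accepts_unsigned(uint32_t reg)
{
    return reg < (uint32_t)SYSCALL_LIMIT;
}

/* Dispatcher using the corrected check; the table is only indexed
 * after the unsigned bounds test has passed. */
static int dispatch(uint32_t reg)
{
    if (!accepts_unsigned(reg)) {
        return ERR_BAD_SYSCALL;
    }
    return table[reg]();
}

int main(void)
{
    const uint32_t samples[] = { 0u, 3u, 4u, 0x7FFFFFFFu, 0x80000000u, 0xFFFFFFF0u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("0x%08X signed=%d unsigned=%d dispatch=%d\n", (unsigned)samples[i],
               accepts_signed(samples[i]), accepts_unsigned(samples[i]), dispatch(samples[i]));
    }
    return 0;
}
```

Every value with the top bit set passes the signed check and fails the unsigned one, which is why the comparison type alone decides whether the table index stays in bounds.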

Environment

None

Activity

David Brown
March 5, 2020, 9:43 PM

Note that if these are fixed with separate commits, each commit will likely require a separate CVE. See the CVE Counting Rules for more information.

David Brown
March 6, 2020, 8:44 PM

Ioannis Glaropoulos
March 9, 2020, 9:49 AM

The fix has been merged now.

Assignee

Ioannis Glaropoulos

Reporter

David Brown

Labels

None

Authorized viewers

Jeremy Boone

CVE

CVE-2020-10024

Embargo Lift

2020/05/01

Fix versions

Affects versions

Priority

Medium