Multiple Syscalls In kscan Subsystem Perform No Argument Validation

Description

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges.

See NCC-ZEP-006

Environment

None

Activity

David Brown
March 5, 2020, 10:40 PM

Mail sent to code owners.

David Brown
March 6, 2020, 4:00 PM

David Brown
March 16, 2020, 3:58 PM

Although this is fixed by the same patch as ZEPSEC-32, the patch could easily be split, so it makes a little more sense to keep this as a separate CVE.

Assignee

David Brown

Reporter

David Brown

Labels

None

Authorized viewers

Jeremy Boone

CVE

CVE-2020-10058

Embargo Lift

2020/05/01

Fix versions

Affects versions

Priority

Medium