ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers

Description

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel.

See NCC-ZEP-001

Environment

None

Assignee

Ruud Derwig

Reporter

David Brown

Labels

None

Authorized viewers

Jeremy Boone

CVE

CVE-2020-10027

Embargo Lift

2020/05/01

Fix versions

Affects versions

Priority

Medium
Configure