Skip to content

Commit

Permalink
doc: security: Disclose CVE-2024-11263
Browse files Browse the repository at this point in the history 
Disclose information about published CVE

Signed-off-by: Flavio Ceolin <[email protected]>
  • Loading branch information
@ceolin
ceolin committed Nov 15, 2024
1 parent 24c2c43 commit ffcb2fe
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions doc/security/vulnerabilities.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1794,3 +1794,22 @@ Under embargo until 2024-11-22
-----------------

Under embargo until 2025-01-23

:cve:`2024-11263`
----------------

arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y

A rogue thread can corrupt the gp reg and cause the entire system to hard fault at best, at worst,
it can potentially trick the system to access another set of random global symbols.

- `Zephyr project bug tracker GHSA-jjf3-7x72-pqm9
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9>`_

This has been fixed in main for v4.0.0

- `PR 81155 fix for main
<https://github.com/zephyrproject-rtos/zephyr/pull/81155>`_

- `PR 81370 fix for 3.7
<https://github.com/zephyrproject-rtos/zephyr/pull/81370>`_

0 comments on commit ffcb2fe

Please sign in to comment.