TOCK prior 42f7f36e74088036068d62253e1d8fb26605feed Permission kernel/src/tbfheader.rs kernel/src/tbfheaderrs permission
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.9 | $0-$5k | 0.00 |
A vulnerability was found in TOCK. It has been classified as critical. Affected is an unknown function of the file kernel/src/tbfheader.rs of the component Permission. The manipulation of the argument kernel/src/tbfheaderrs
as part of a Variable leads to a permission vulnerability. CWE is classifying the issue as CWE-275. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable "pub package_name: &'static str," in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed.
The weakness was presented 09/06/2018 (GitHub Repository). The advisory is shared for download at github.com. This vulnerability is traded as CVE-2018-1000660 since 09/06/2018. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1222.
Upgrading to version 42f7f36e74088036068d62253e1d8fb26605feed eliminates this vulnerability.
Product
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.4VulDB Meta Temp Score: 6.9
VulDB Base Score: 7.3
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: PermissionCWE: CWE-275 / CWE-266
ATT&CK: T1222
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: TOCK 42f7f36e74088036068d62253e1d8fb26605feed
Timeline
09/06/2018 🔍09/06/2018 🔍
09/06/2018 🔍
09/06/2018 🔍
05/07/2023 🔍
Sources
Advisory: 1147Status: Not defined
Confirmation: 🔍
CVE: CVE-2018-1000660 (🔍)
Entry
Created: 09/06/2018 20:49Updated: 05/07/2023 10:48
Changes: 09/06/2018 20:49 (58), 03/21/2020 08:12 (1), 05/07/2023 10:48 (4)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.