Commit 7aa7e89

ceolin authored and mmahadevan108 committed
doc: security: Disclose CVE-2024-11263
Disclose information about published CVE

Signed-off-by: Flavio Ceolin <[email protected]>
1 parent 275f447 commit 7aa7e89

1 file changed

+19
-0
lines changed

doc/security/vulnerabilities.rst

Lines changed: 19 additions & 0 deletions
@@ -1794,3 +1794,22 @@ Under embargo until 2024-11-22
17941794
-----------------
17951795

17961796
Under embargo until 2025-01-23
1797+
1798+
:cve:`2024-11263`
1799+
-----------------
1800+
1801+
arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y
1802+
1803+
A rogue thread can corrupt the gp reg and cause the entire system to hard fault at best, at worst,
1804+
it can potentially trick the system to access another set of random global symbols.
1805+
1806+
- `Zephyr project bug tracker GHSA-jjf3-7x72-pqm9
1807+
<https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9>`_
1808+
1809+
This has been fixed in main for v4.0.0
1810+
1811+
- `PR 81155 fix for main
1812+
<https://github.com/zephyrproject-rtos/zephyr/pull/81155>`_
1813+
1814+
- `PR 81370 fix for 3.7
1815+
<https://github.com/zephyrproject-rtos/zephyr/pull/81370>`_
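
Review bot: The description at added lines 1803-1804 is a comma splice and leaves the precondition to the title alone: the body never says that the rogue thread is a user-mode thread, or that "gp" is the RISC-V global pointer register that CONFIG_RISCV_GP=y relies on. Suggest rewording along the lines of "A rogue user thread can corrupt the global pointer (gp) register. At best this hard-faults the entire system; at worst it can trick the system into accessing another set of random global symbols." A smaller style point in the same hunk: the backport link text reads "fix for 3.7" while the sentence above it says "v4.0.0"; writing "v3.7" would keep the version labels consistent within the entry.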
