Commit 7aa7e894 authored by Flavio Ceolin's avatar Flavio Ceolin Committed by Mahesh Mahadevan
Browse files

doc: security: Disclose CVE-2024-11263 



Disclose information about published CVE

Signed-off-by: default avatarFlavio Ceolin <flavio.ceolin@gmail.com>
parent 275f4473

doc/security/vulnerabilities.rst

+19 −0
Original line number Diff line number Diff line
@@ -1794,3 +1794,22 @@ Under embargo until 2024-11-22 
-----------------



Under embargo until 2025-01-23



:cve:`2024-11263`

-----------------



arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y



A rogue thread can corrupt the gp reg and cause the entire system to hard fault at best, at worst,

it can potentially trick the system to access another set of random global symbols.



- `Zephyr project bug tracker GHSA-jjf3-7x72-pqm9

  <https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9>`_



This has been fixed in main for v4.0.0



- `PR 81155 fix for main

  <https://github.com/zephyrproject-rtos/zephyr/pull/81155>`_



- `PR 81370 fix for 3.7

  <https://github.com/zephyrproject-rtos/zephyr/pull/81370>`_

CRA Git | Maintained and supported by SUSTech CRA and CCSE