CVE-2020-10072

MEDIUM

zephyr >=1.14.2, >=2.2.0 - Privilege Escalation

Title source: llm

Description

Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc

References (1)

[Third Party Advisory] http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-vf79-hqwm-w4xc

Scores

CVSS v3 5.9

EPSS 0.0004

EPSS Percentile 10.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-280

Status published

Products (1)

zephyrproject/zephyr < 1.14.2

Published May 25, 2021

Tracked Since Feb 18, 2026