CVE-2020-35609

Published: Dec 22, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability.

Affected (1)

Products: Microsoft: Azure Sphere

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Azure Sphere	Version 20.05

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (4)

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1117

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1117

Source: cve@mitre.org

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1117

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1117

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.