CVE-2024-11263

arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y

Description

When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.

INFO

Published Date :

2024-11-15T22:53:58.593Z

Last Modified :

2024-11-18T17:45:21.489Z

Source :

zephyr

AFFECTED PRODUCTS

The following products are affected by CVE-2024-11263 vulnerability.

Vendors	Products
Zephyrproject	Zephyr
Zephyrproject-rtos	Zephyr

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-11263.

URL	Resource
https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-jjf3-7x72-pqm9

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact