| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | Azure Sphere | Critical | 23-04-2021 |
Technical Information
Brief overview of the risk:
A code execution vulnerability exists in Azure Sphere’s pwm_ioctl_apply_state, which is an Azure’s kernel functionality. A specially crafted IOCTL can be used by an attacker to exploit this vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the logged on user.
Further information on this vulnerability is available at : CVE-2021-28460