<< Back
CVE Number Vulnerability Product Severity Date
CVE-2021-28460 Azure Sphere Unsigned Code Execution Vulnerability Azure Sphere Critical 23-04-2021

Technical Information

Brief overview of the risk:

A code execution vulnerability exists in Azure Sphere’s pwm_ioctl_apply_state, which is an Azure’s kernel functionality. A specially crafted IOCTL can be used by an attacker to exploit this vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the logged on user.

Further information on this vulnerability is available at : CVE-2021-28460

Affected Software

Azure Sphere