CVE-2020-10072: 
NixOS vulnerability analysis and mitigation

Improper Handling of Insufficient Permissions or Privileges in Zephyr versions >= v1.14.2 and >= v2.2.0. The vulnerability allows any thread running on the system to read/write a socket file descriptor knowing only the numerical value of the file descriptor, due to lack of management of permissions to network socket API file descriptors (Zephyr Advisory).

The vulnerability stems from changes in socket code implementation where regular integers were used as file descriptors with associated netcontexts looked up in a table. This removed the ZSYSCALLOBJ() calls which previously verified access to file descriptors. The issue originated when netcontext objects tracked as kernel objects (KOBJNET_CONTEXT) were changed, removing the permission verification system. The CVSS v3.1 base score is 5.3 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) (NVD).

The vulnerability allows unauthorized access to socket file descriptors, potentially compromising the system's security by allowing any thread to manipulate any file descriptor. This affects the confidentiality, integrity, and availability of the system at a low level (Zephyr Advisory).

The issue has been fixed in Zephyr master branch via PR #25804 and in v1.14 via PR #27176. For v2.2, no more releases are planned. The fix involves restoring net_context to kernel object status and implementing permission verification after file descriptor lookup in system calls (Zephyr Advisory).