Multiple RTOS (Update B)


1. EXECUTIVE SUMMARY


  • CVSS v3 9.8

  • ATTENTION: Exploitable remotely/low attack complexity

  • Vendors: Multiple

  • Equipment: Multiple

  • Vulnerabilities: Integer Overflow or Wraparound

  • CISA is aware of a public report, known as “BadAlloc,” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and to identify baseline mitigations for reducing the risk of these and other cyberattacks.


The various open-source products may be implemented in forked repositories.


2. UPDATE INFORMATION


This updated advisory is a follow-up to the original advisory titled ICSA-21-119-04 Multiple RTOS that was published April 29, 2021, to the ICS webpage on us-cert.cisa.gov.


3. RISK EVALUATION


Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.
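To make the "Integer Overflow or Wraparound" class concrete, the following is an added example, not code from the advisory or from any listed vendor: a toy arena allocator with 32-bit size arithmetic (typical of MCU targets) whose request size wraps, shown beside a version that checks the multiplication before trusting it. The arena size, function names and request values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a small RTOS heap using 32-bit sizes, as on many
 * MCUs. It is an illustration only, not any vendor's allocator. */
typedef uint32_t rtos_size_t;
#define ARENA_SIZE 4096u
static uint8_t arena[ARENA_SIZE];
static rtos_size_t arena_used;

void arena_reset(void) { arena_used = 0; }

/* How many bytes the unchecked path really reserves for a request:
 * count * elem_size reduced modulo 2^32. */
rtos_size_t wrapped_request_size(rtos_size_t count, rtos_size_t elem_size) {
    return (rtos_size_t)(count * elem_size);
}

/* Weak pattern: the product is computed in 32 bits and may wrap, so the
 * bounds check sees a small number and hands back an undersized block that
 * the caller believes holds count elements. */
void *arena_calloc_unchecked(rtos_size_t count, rtos_size_t elem_size) {
    rtos_size_t total = count * elem_size;
    if (total > ARENA_SIZE - arena_used) return NULL;
    void *p = arena + arena_used;
    arena_used += total;
    memset(p, 0, total);
    return p;
}

/* Hardened pattern: the multiplication is checked for overflow first, so an
 * oversized request is refused instead of being silently truncated. */
void *arena_calloc_checked(rtos_size_t count, rtos_size_t elem_size) {
    rtos_size_t total;
    if (__builtin_mul_overflow(count, elem_size, &total)) return NULL;
    if (total > ARENA_SIZE - arena_used) return NULL;
    void *p = arena + arena_used;
    arena_used += total;
    memset(p, 0, total);
    return p;
}

int main(void) {
    /* 0x40000001 * 4 = 0x100000004, which wraps to 4 in 32 bits. */
    arena_reset();
    void *a = arena_calloc_unchecked(0x40000001u, 4u);
    printf("unchecked: %s, reserved %u bytes\n", a ? "allocated" : "refused",
           (unsigned)wrapped_request_size(0x40000001u, 4u));
    arena_reset();
    void *b = arena_calloc_checked(0x40000001u, 4u);
    printf("checked:   %s\n", b ? "allocated" : "refused");
    return 0;
}
```

The same check belongs anywhere an allocation size is derived from attacker-influenced lengths (packet fields, element counts, alignment padding), since the bounds test after the multiplication is only meaningful if the multiplication itself could not wrap.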


4. TECHNICAL DETAILS


4.1 AFFECTED PRODUCTS


  • Amazon FreeRTOS, Version 10.4.1

  • Apache Nuttx OS, Version 9.1.0

  • ARM CMSIS-RTOS2, versions prior to 2.1.3

  • ARM Mbed OS, Version 6.3.0

  • ARM mbed-ualloc, Version 1.3.0

  • Cesanta Software Mongoose OS, v2.17.0

  • eCosCentric eCosPro RTOS, Versions 2.0.1 through 4.5.3

  • Google Cloud IoT Device SDK, Version 1.0.2

  • Linux Zephyr RTOS, versions prior to 2.4.0

  • Media Tek LinkIt SDK, versions prior to 4.6.1

  • Micrium OS, Versions 5.10.1 and prior

--------- Begin Update B Part 1 of 3 ---------

  • Micrium uCOS II/uCOS III Versions 1.39.0 and prior

  • Micrium uC/OS: uC/LIB Versions 1.38.xx, Version 1.39.00

--------- End Update B Part 1 of 3 ---------

  • NXP MCUXpresso SDK, versions prior to 2.8.2

  • NXP MQX, Versions 5.1 and prior

  • Redh ..
