17 matches found
CVE-2024-28115
CVE-2024-28115 concerns FreeRTOS Kernel versions through 10.6.1, where local privilege escalation is possible via Return Oriented Programming if code injection/execution is possible. Affected are ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled (configENABLE_MPU=1). The issue is fixed...
CVE-2021-43997
CVE-2021-43997 affects FreeRTOS ARMv7-M and ARMv8-M MPU ports. Versions 10.2.0–10.4.5 allow non‑kernel code to call the internal xPortRaisePrivilege function to raise privilege; versions up to 10.4.6 can enable a second‑stage privilege escalation if injected code branches inside an MPU API wrappe...
CVE-2018-16523
The CVE-2018-16523 issue affects AWS FreeRTOS up to v1.3.1 and FreeRTOS up to v10.0.1 (with FreeRTOS+TCP) and the WHIS Connect TCP/IP module, caused by a division by zero in prvCheckOptions within the TCP/IP stack. ThreatPost and related sources confirm the vulnerability exists in the FreeRTOS TC...
CVE-2021-32020
CVE-2021-32020 affects the kernel of Amazon Web Services FreeRTOS prior to 10.4.3, where insufficient bounds checking during heap memory management is the root cause. The issue is exploitable over a network with low attack complexity and no authentication, and it carries high potential impact to ...
CVE-2018-16527
The CVE-2018-16527 issue affects AWS FreeRTOS up to v1.3.1 (and FreeRTOS up to v10.0.1 with FreeRTOS+TCP) and WHIS Connect middleware; it is an information disclosure vulnerability in prvProcessICMPPacket during ICMP packet parsing. The underlying cause is in the TCP/IP stack and associated conne...
CVE-2021-31572
CVE-2021-31572 affects Amazon FreeRTOS kernel prior to 10.4.3. The issue is an integer overflow in stream_buffer.c within the stream buffer code, which can lead to memory-related issues on affected devices. The vulnerability has a high severity (CVSS v3.1 base score 9.8, network attack, no user i...
CVE-2021-31571
CVE-2021-31571 affects Amazon FreeRTOS prior to 10.4.3, where an integer overflow in queue.c during queue creation can lead to memory corruption. Red Hat and CNVD entries corroborate the same vulnerability in AWS FreeRTOS. The issue is rooted in queue creation logic; the impact is memory corrupti...
CVE-2018-16600
CVE-2018-16600 involves an out-of-bounds memory access during ARP packet parsing in eARPProcessPacket. Affected products include AWS FreeRTOS up to 1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect TCP/IP component. The issue enables information disclosure. The provi...
CVE-2018-16602
The CVE-2018-16602 entry concerns AWS FreeRTOS (and related FreeRTOS+TCP/OpenWHIS) through 1.3.1 and FreeRTOS up to 10.0.1 with FreeRTOS+TCP, plus WITTENSTEIN WHIS Connect middleware. The issue is an Out-of-bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies, which can ...
CVE-2018-16524
CVE-2018-16524 affects AWS FreeRTOS up to v1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and the WITTENSTEIN WHIS Connect TCP/IP component. It enables information disclosure during parsing of TCP options in prvCheckOptions. Impact is information exposure; remediation is to update to AWS Free...
CVE-2018-16598
The CVE-2018-16598 issue affects AWS FreeRTOS up to 1.3.1 (and FreeRTOS up to v10.0.1 with FreeRTOS+TCP) and the WHIS Connect TCP/IP component. The vulnerability is that in xProcessReceivedUDPPacket and prvParseDNSReply, any DNS response is accepted without confirming it matches a sent DNS reques...
CVE-2018-16599
Technical details for CVE-2018-16599 are not publicly available in the provided connected documents; monitor for updates.
CVE-2018-16526
CVE-2018-16526 affects AWS FreeRTOS up to v1.3.1, FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), and the WHIS Connect TCP/IP component. The root cause is a buffer overflow during generation of a protocol checksum in two functions: usGenerateProtocolChecksum and prvProcessIPPacket , enabling remote a...
CVE-2018-16601
CVE-2018-16601 affects AWS FreeRTOS up to 1.3.1, FreeRTOS up to v10.0.1 with FreeRTOS+TCP, and the WHIS Connect TCP/IP component. A crafted IP header can trigger a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution. Public details in the ...
CVE-2021-27504
CVE-2021-27504 describes an integer overflow in malloc within the TI TI-RTOS/FreeRTOS stack (TI-RTOS-MCU). When malloc is fed extremely large values, it returns a pointer to a small buffer, enabling code execution. Affected products include Texas Instruments TI-RTOS/MCU and FreeRTOS components us...
CVE-2018-16603
CVE-2018-16603 affects AWS FreeRTOS up to v1.3.1 and FreeRTOS up to v10.0.1 (with FreeRTOS+TCP), plus the WHIS Connect TCP/IP component. The issue is an out-of-bounds access in the TCP stack: processing received TCP packets can leak data by corrupting access to TCP source/destination port fields ...
CVE-2018-16525
This CVE affects AWS FreeRTOS up to 1.3.1 (and FreeRTOS up to V10.0.1 with FreeRTOS+TCP) and WITTENSTEIN WHIS Connect TCP/IP. Root cause: a Buffer Overflow during DNS/LLMNR packet parsing in prvParseDNSReply. Impact: allows remote attackers to execute arbitrary code or leak information. Affected ...