FreeRTOS, a popular real-time operating system kernel for embedded devices, is found to have 13 vulnerabilities, as reported by Bleeping Computers yesterday. A part of these 13 vulnerabilities results in flaws in its remote code execution.
FreeRTOS supports more than 40 hardware platforms and powers microcontrollers in a diverse range of products including temperature monitors, appliances, sensors, fitness trackers, and any microcontroller-based devices. Although it works at a smaller component scale, it lacks the complexity that comes with more elaborate hardware. However, it allows processing of data as it comes in.
A researcher at Zimperium, Ori Karliner, analyzed the operating system and found that all of its varieties are vulnerable to:
Here’s a full list of the vulnerabilities and their identifiers, that affect FreeRTOS:
| CVE-2018-16522 | Remote Code Execution |
| CVE-2018-16525 | Remote Code Execution |
| CVE-2018-16526 | Remote Code Execution |
| CVE-2018-16528 | Remote Code Execution |
| CVE-2018-16523 | Denial of Service |
| CVE-2018-16524 | Information Leak |
| CVE-2018-16527 | Information Leak |
| CVE-2018-16599 | Information Leak |
| CVE-2018-16600 | Information Leak |
| CVE-2018-16601 | Information Leak |
| CVE-2018-16602 | Information Leak |
| CVE-2018-16603 | Information Leak |
| CVE-2018-16598 | Other |
FreeRTOS versions up to V10.0.1, AWS FreeRTOS up to V1.3.1, OpenRTOS and SafeRTOS (With WHIS Connect middleware TCP/IP components) are affected.
Amazon has been notified of the situation. In response to this, the company has released patches to mitigate the problems.
Per the report, “Amazon decided to become involved in the development of the product for the Internet-of-Things segment. The company extended the kernel by adding libraries to support cloud connectivity, security and over-the-air updates.”
According to Bleeping Computers, “Zimperium is not releasing any technical details at the moment. This is to allow smaller vendors to patch the vulnerabilities. The wait time expires in 30 days.”
To know more about these vulnerabilities in detail, visit the full coverage by Bleeping Computers.
NSA researchers present security improvements for Zephyr and Fucshia at Linux Security Summit 2018
How the Titan M chip will improve Android security
EFF kicks off its Coder’s Rights project with paper on protecting security researchers’ rights
I remember deciding to pursue my first IT certification, the CompTIA A+. I had signed…
Key takeaways The transformer architecture has proved to be revolutionary in outperforming the classical RNN…
Once we learn how to deploy an Ubuntu server, how to manage users, and how…
Key-takeaways: Clean code isn’t just a nice thing to have or a luxury in software projects; it's a necessity. If we…
While developing a web application, or setting dynamic pages and meta tags we need to deal with…
Software architecture is one of the most discussed topics in the software industry today, and…