Multiple Vulnerabilities Found in FreeRTOS
zLabs researcher Ori Karliner has found [1] multiple critical vulnerabilities in the open source real-time embedded operating system FreeRTOS.
“During our research, we discovered multiple vulnerabilities within FreeRTOS’s TCP/IP stack and in the AWS secure connectivity modules. The same vulnerabilities are present in WHIS Connect TCP/IP component for OpenRTOS\SafeRTOS,” wrote Karliner in a blog post.
Karliner said that these vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it.
FreeRTOS is a popular option for IoT and embedded devices. It has been ported to over 40 pieces of hardware. The vulnerability affects FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS, and SafeRTOS (With WHIS Connect middleware TCP/IP components) .
zLabs informed AWS about the flaws and worked with AWS to patch these vulnerabilities. AWS has already deployed patches for AWS FreeRTOS versions 1.3.2 and onwards.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.