Multiple IoT devices affected by BadAlloc Vulnerabilities


THREAT LEVEL: Red.


More than 25 vulnerabilities, collectively named BadAlloc, have been found in multiple IoT and OT devices. They reside in the standard memory allocation functions used in real-time operating systems (RTOS), software development kits (SDKs) and C standard library implementations. Attackers could easily exploit these vulnerabilities to execute malicious code and trigger denial-of-service (DoS) conditions. However, none of these vulnerabilities has been exploited as of now.

Vulnerability Details

For details, refer to the PDF version of the advisory.

Patch Links

https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/224
https://github.com/apache/incubator-nuttx
https://github.com/ARMmbed/mbed-os/pull/14408
https://github.com/cesanta/mongoose-os
https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437
https://github.com/GoogleCloudPlatform/iot-device-sdk-embedded-c/pull/119/files
https://www.silabs.com/developers/micrium-os
https://mcuxpresso.nxp.com/en/welcome
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git
https://github.com/RIOT-OS/RIOT
https://github.com/Samsung/TizenRT
https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html
https://downloads.uclibc-ng.org/releases/
References