Search criteria
2 vulnerabilities by FreeRTOS
CVE-2024-38373 (GCVE-0-2024-38373)
Vulnerability from cvelistv5 – Published: 2024-06-24 16:23 – Updated: 2024-08-02 04:04
VLAI?
Summary
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the actual domain name length, could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1.
Severity ?
9.6 (Critical)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FreeRTOS | FreeRTOS-Plus-TCP |
Affected:
>= 4.0.0, <= 4.1.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:amazon:freertos-plus-tcp:4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freertos-plus-tcp",
"vendor": "amazon",
"versions": [
{
"lessThan": "4.1.1",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T14:20:06.049891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T20:19:11.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv"
},
{
"name": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRTOS-Plus-TCP",
"vendor": "FreeRTOS",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c= 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the actual domain name length, could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T16:23:00.162Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/security/advisories/GHSA-ppcp-rg65-58mv"
},
{
"name": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRTOS/FreeRTOS-Plus-TCP/releases/tag/V4.1.1"
}
],
"source": {
"advisory": "GHSA-ppcp-rg65-58mv",
"discovery": "UNKNOWN"
},
"title": "FreeRTOS-Plus-TCP Buffer Over-Read in DNS Response Parser"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38373",
"datePublished": "2024-06-24T16:23:00.162Z",
"dateReserved": "2024-06-14T14:16:16.466Z",
"dateUpdated": "2024-08-02T04:04:25.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28115 (GCVE-0-2024-28115)
Vulnerability from cvelistv5 – Published: 2024-03-07 20:54 – Updated: 2024-08-28 17:42
VLAI?
Summary
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
Severity ?
8.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FreeRTOS | FreeRTOS-Kernel |
Affected:
< 10.6.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"
},
{
"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:freertos:freertos-kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "freertos-kernel",
"vendor": "freertos",
"versions": [
{
"lessThan": "10.6.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T19:12:30.872230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T17:42:09.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FreeRTOS-Kernel",
"vendor": "FreeRTOS",
"versions": [
{
"status": "affected",
"version": "\u003c 10.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T20:54:00.743Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"
},
{
"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"
}
],
"source": {
"advisory": "GHSA-xcv7-v92w-gq6r",
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-28115",
"datePublished": "2024-03-07T20:54:00.743Z",
"dateReserved": "2024-03-04T14:19:14.059Z",
"dateUpdated": "2024-08-28T17:42:09.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}