Description
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Arm / CMSIS RTOS2unspecified – 2.1.3
References
- VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04