Cyber Security

The FreeRTOS Vulnerability Disaster

Published

3 years ago

January 6, 2022

The FreeRTOS Vulnerability Disaster- New vulnerabilities have been discovered in FreeRTOS, the open-source operating system that runs most of the small microprocessors and microcontrollers used in many IoT hardware items.

The flaws are in the TCP/IP stack, and they affect FreeRTOS.

The versions affected

FreeRTOS V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS V1.3.1, OpenRTOS, and SafeRTOS (with WHIS Connect middleware TCP/IP components) are all affected.

Why is this such a calamity?

Many IoT devices run on FreeRTOS. These gadgets are frequently low-cost and difficult to patch. Many of these gadgets, in fact, have firmware that hasn’t been updated in years.

Fitness trackers, temperature monitors, appliances, cars, door locks, water metres, and a variety of other small devices are examples of goods that use FreeRTOS. The devices that use TCP/IP are the ones that are vulnerable. This indicates that the gadgets are internet-capable.

Because these devices are connected, we can assume that they can be patched as well.

Will they, however, succeed?

Probably not. As a result, this is a vulnerability that could be exploited for years to come.

The following is a complete list of the vulnerabilities that affect FreeRTOS, along with their identifiers:

CVE-2018-16522	Remote Code Execution
CVE-2018-16525	Remote Code Execution
CVE-2018-16526	Remote Code Execution
CVE-2018-16528	Remote Code Execution
CVE-2018-16523	Denial of Service
CVE-2018-16524	Information Leak
CVE-2018-16527	Information Leak
CVE-2018-16599	Information Leak
CVE-2018-16600	Information Leak
CVE-2018-16601	Information Leak
CVE-2018-16602	Information Leak
CVE-2018-16603	Information Leak
CVE-2018-16598	Other