FreeRTOS security vulnerabilities
FreeRTOS, an open-source operating system that powers the microprocessors and controllers in many IoT hardware products, is affected by new vulnerabilities.
These vulnerabilities affect FreeRTOS through the TCP/IP stack.
Versions affected
Versions affected include FreeRTOS V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS V1.3.1, OpenRTOS, and SafeRTOS (with WHIS Connect middleware TCP/IP components).
This is why it’s a disaster
Many IoT devices use FreeRTOS. These devices can be difficult to patch and are often very inexpensive. Many of them go years without an update.
Products running FreeRTOS include temperature monitors, fitness trackers and appliances. The vulnerabilities are in the TCP/IP stack, and these devices are able to connect to the internet.
We know these devices are connected, so we can conclude they can be patched.
But will they be?
Most likely not. These vulnerabilities have the potential to be exploited for many years.
Here is the full list of vulnerabilities that affect FreeRTOS, with their identifiers.
| Identifier | Type |
| --- | --- |
| CVE-2018-16522 | Remote Code Execution |
| CVE-2018-16525 | Remote Code Execution |
| CVE-2018-16526 | Remote Code Execution |
| CVE-2018-16528 | Remote Code Execution |
| CVE-2018-16523 | Denial Of Service |
| CVE-2018-16524 | Information Leak |
| CVE-2018-16527 | Information Leak |
| CVE-2018-16599 | Information Leak |
| CVE-2018-16600 | Information Leak |
| CVE-2018-16601 | Information Leak |
| CVE-2018-16602 | Information Leak |
| CVE-2018-16603 | Information Leak |
| CVE-2018-16598 | Other |