Impact
FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. configENABLE_MPU set to 1). These issues are fixed in V10.6.2 with a new MPU wrapper. A threat model detailing these issues and corresponding mitigations is also published.
References
Credits
- David Reiss of Meta Platforms, Inc.
- Lan Luo, Zixia Liu of School of Computer Science and Technology, Anhui University of Technology, China.
- Xinwen Fu of Department of Computer Science, University of Massachusetts Lowell, USA.
- Xinhui Shao, Yumeng Wei, Huaiyu Yan, Zhen Ling of School of Computer Science and Engineering, Southeast University, China.
- Yuequi Chen, Zicheng Wang, Minghao Lin of University of Colorado Boulder, USA.
Impact
FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e.
configENABLE_MPUset to 1). These issues are fixed in V10.6.2 with a new MPU wrapper. A threat model detailing these issues and corresponding mitigations is also published.References
Credits