RTOS Alert
Warning Date: 20 April, 2022
Severity Level: High
Warning Number: 2022-4691
Target Sector: All
This alert covers vulnerabilities in real-time operating systems (RTOS). The following products are affected:
- Amazon FreeRTOS, Version 10.4.1
- Apache NuttX OS, Version 9.1.0
- ARM CMSIS-RTOS2, versions prior to 2.1.3
- ARM Mbed OS, Version 6.3.0
- ARM mbed-ualloc, Version 1.3.0
- BlackBerry QNX SDP Versions 6.5.0 SP1 and earlier
- BlackBerry QNX OS for Safety Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
- BlackBerry QNX OS for Medical Versions 1.1 and earlier safety products compliant with IEC 62304
- Cesanta Software Mongoose OS, v2.17.0
- eCosCentric eCosPro RTOS, Versions 2.0.1 through 4.5.3
- Google Cloud IoT Device SDK, Version 1.0.2
- MediaTek LinkIt SDK, versions prior to 4.6.1
- Micrium OS, Versions 5.10.1 and prior
- Micrium uC/OS: uC/LIB Versions 1.38.xx, Version 1.39.00
- NXP MCUXpresso SDK, versions prior to 2.8.2
- NXP MQX, Versions 5.1 and prior
- Red Hat newlib, versions prior to 4.0.0
- RIOT OS, Version 2020.01.1
- Samsung Tizen RT RTOS, versions prior to 3.0.GBB
- TencentOS-tiny, Version 3.1.0
- Texas Instruments CC32XX, versions prior to 4.40.00.07
- Texas Instruments SimpleLink MSP432E4XX
- Texas Instruments SimpleLink-CC13XX, versions prior to 4.40.00
- Texas Instruments SimpleLink-CC26XX, versions prior to 4.40.00
- Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03
- uClibc-ng, versions prior to 1.0.36
- Wind River VxWorks, versions prior to 7.0
- Zephyr Project RTOS, versions prior to 2.5
Successful exploitation of these vulnerabilities could result in the following:
- Buffer overflow
- Arbitrary code execution
Remediation status for the affected products:
- Amazon FreeRTOS – Update available
- Apache Nuttx OS Version 9.1.0 – Update available
- ARM Mbed OS – Update available
- ARM mbed-ualloc – no longer supported and no fix will be issued
- BlackBerry QNX 6.5.0 SP1 – Update available. See public advisory
- BlackBerry QNX OS for Safety 1.0.2 – Update available. See public advisory
- BlackBerry QNX OS for Medical 1.1.1 – Update available. See public advisory
- Cesanta Software Mongoose OS – Update available
- eCosCentric eCosPro RTOS: Update to Versions 4.5.4 and newer – Update available
- Google Cloud IoT Device SDK – Update available
- Micrium OS: Update to v5.10.2 or later – Update available
- Micrium uC/OS: uC/LIB Versions 1.38.xx, 1.39.00: Update to v1.39.1 – Update available
- NXP MCUXpresso SDK – Update to 2.9.0 or later
- NXP MQX – Update to 5.1 or newer
- Redhat newlib – Update available
- RIOT OS – Update available
- Samsung Tizen RT RTOS – Update available
- TencentOS-tiny – Update available
- Texas Instruments CC32XX – Update to v4.40.00.07
- Texas Instruments SimpleLink CC13X0 – Update to v4.10.03
- Texas Instruments SimpleLink CC13X2-CC26X2 – Update to v4.40.00
- Texas Instruments SimpleLink CC2640R2 – Update to v4.40.00
- uClibc-ng – Update available
- Hitachi Energy GMS600 – See public advisory.
- Hitachi Energy PWC600 – See public advisory.
- Hitachi Energy REB500 – See public advisory.
- Hitachi Energy Relion 670, 650 series and SAM600-IO – See public advisory
- Hitachi Energy RTU500 series CMU – Updates available for some firmware versions – See public advisory.
- Hitachi Energy Modular Switchgear Monitoring System MSM – Protect your network – See public advisory.