RTOS Updates
Warning Date: 2 December, 2021
Severity Level: High
Warning Number: 2021-3966
Target Sector: All
Description:
Cisco has released security updates to address several vulnerabilities in products under the following Cisco categories:
- Amazon FreeRTOS
  - Version 10.4.1
- Apache NuttX OS
  - Version 9.1.0
- ARM CMSIS-RTOS2
  - Versions prior to 2.1.3
- ARM Mbed OS
  - Version 6.3.0
- ARM mbed-ualloc
  - Version 1.3.0
- BlackBerry QNX SDP
  - Versions 6.5.0 SP1 and earlier
- BlackBerry QNX OS for Safety
  - Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
- BlackBerry QNX OS for Medical
  - Versions 1.1 and earlier safety products compliant with IEC 62304
- Cesanta Software Mongoose OS
  - v2.17.0
- eCosCentric eCosPro RTOS
  - Versions 2.0.1 through 4.5.3
- Google Cloud IoT Device SDK
  - Version 1.0.2
- MediaTek LinkIt SDK
  - Versions prior to 4.6.1
- Micrium OS
  - Versions 5.10.1 and prior
- Micrium uC/OS: uC/LIB
  - Versions 1.38.xx
  - Version 1.39.00
- NXP MCUXpresso SDK
  - Versions prior to 2.8.2
- NXP MQX
  - Versions 5.1 and prior
- Red Hat newlib
  - Versions prior to 4.0.0
- RIOT OS
  - Version 2020.01.1
- Samsung Tizen RT RTOS
  - Versions prior to 3.0.GBB
- TencentOS-tiny
  - Version 3.1.0
- Texas Instruments CC32XX
  - Versions prior to 4.40.00.07
- Texas Instruments SimpleLink MSP432E4XX
- Texas Instruments SimpleLink-CC13XX
  - Versions prior to 4.40.00
- Texas Instruments SimpleLink-CC26XX
  - Versions prior to 4.40.00
- Texas Instruments SimpleLink-CC32XX
  - Versions prior to 4.10.03
- uClibc-ng
  - Versions prior to 1.0.36
- Wind River VxWorks
  - Versions prior to 7.0
- Zephyr Project RTOS
  - Versions prior to 2.5
Threats:
An attacker could exploit these vulnerabilities to cause the following:
- Code injection
- Buffer overflow
- Execute arbitrary code remotely
- Memory corruption
Best practice and Recommendations:
- Amazon FreeRTOS – Update available
- Apache NuttX OS Version 9.1.0 – Update available
- ARM CMSIS-RTOS2 – Update in progress, expected in June
- ARM Mbed OS – Update available
- ARM mbed-ualloc – no longer supported and no fix will be issued
- BlackBerry QNX 6.5.0 SP1 – Update available. See public advisory
- BlackBerry QNX OS for Safety 1.0.2 – Update available. See public advisory
- BlackBerry QNX OS for Medical 1.1.1 – Update available. See public advisory
- Cesanta Software Mongoose OS – Update available
- eCosCentric eCosPro RTOS: Update to Versions 4.5.4 and newer – Update available
- Google Cloud IoT Device SDK – Update available
- MediaTek LinkIt SDK – MediaTek will provide the update to users. No fix for the free version, as it is not intended for production use.
- Micrium OS: Update to v5.10.2 or later – Update available
- Micrium uC/OS: uC/LIB Versions 1.38.xx, 1.39.00: Update to v1.39.1 – Update available
- NXP MCUXpresso SDK – Update to 2.9.0 or later
- NXP MQX – Update to 5.1 or newer
- Red Hat newlib – Update available
- RIOT OS – Update available
- Samsung Tizen RT RTOS – Update available
- TencentOS-tiny – Update available
- Texas Instruments CC32XX – Update to v4.40.00.07
- Texas Instruments SimpleLink CC13X0 – Update to v4.10.03
- Texas Instruments SimpleLink CC13X2-CC26X2 – Update to v4.40.00
- Texas Instruments SimpleLink CC2640R2 – Update to v4.40.00
- Texas Instruments SimpleLink MSP432E4 – Confirmed. No update currently planned
- uClibc-ng – Update available
- Wind River VxWorks – Update in progress