The FreeRTOS Vulnerability Disaster
New vulnerabilities have been discovered in FreeRTOS, the open-source operating system that runs on most of the small microprocessors and microcontrollers used in many IoT hardware items.
The flaws are in the TCP/IP stack, and they affect FreeRTOS.
The versions affected
FreeRTOS V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS V1.3.1, OpenRTOS, and SafeRTOS (with WHIS Connect middleware TCP/IP components) are all affected.
Why is this such a calamity?
Many IoT devices run on FreeRTOS. These gadgets are frequently low-cost and difficult to patch. Many of these gadgets, in fact, have firmware that hasn’t been updated in years.
Fitness trackers, temperature monitors, appliances, cars, door locks, water metres, and a variety of other small devices are examples of goods that use FreeRTOS. Only the devices that use TCP/IP are vulnerable, which means the vulnerable gadgets are the internet-capable ones.
Because these devices are connected, we can assume that they can be patched as well.
Will they actually be patched, however?
Probably not. As a result, this is a vulnerability that could be exploited for years to come.
The following is a complete list of the vulnerabilities that affect FreeRTOS, along with their identifiers:
| CVE identifier | Impact |
|---|---|
| CVE-2018-16522 | Remote Code Execution |
| CVE-2018-16525 | Remote Code Execution |
| CVE-2018-16526 | Remote Code Execution |
| CVE-2018-16528 | Remote Code Execution |
| CVE-2018-16523 | Denial of Service |