The FreeRTOS Vulnerability Disaster

Internet of things

The FreeRTOS Vulnerability Disaster- New vulnerabilities have been discovered in FreeRTOS, the open-source operating system that runs most of the small microprocessors and microcontrollers used in many IoT hardware items.

The flaws are in the TCP/IP stack, and they affect FreeRTOS.

The versions affected

FreeRTOS V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS V1.3.1, OpenRTOS, and SafeRTOS (with WHIS Connect middleware TCP/IP components) are all affected.

Why is this such a calamity?

Many IoT devices run on FreeRTOS. These gadgets are frequently low-cost and difficult to patch. Many of these gadgets, in fact, have firmware that hasn’t been updated in years.

Fitness trackers, temperature monitors, appliances, cars, door locks, water metres, and a variety of other small devices are examples of goods that use FreeRTOS. The devices that use TCP/IP are the ones that are vulnerable. This indicates that the gadgets are internet-capable.

Because these devices are connected, we can assume that they can be patched as well.

Will they, however, succeed?

Probably not. As a result, this is a vulnerability that could be exploited for years to come.

The following is a complete list of the vulnerabilities that affect FreeRTOS, along with their identifiers:

CVE-2018-16522Remote Code Execution
CVE-2018-16525Remote Code Execution
CVE-2018-16526Remote Code Execution
CVE-2018-16528Remote Code Execution
CVE-2018-16523Denial of Service
CVE-2018-16524Information Leak
CVE-2018-16527Information Leak
CVE-2018-16599Information Leak
CVE-2018-16600Information Leak
CVE-2018-16601Information Leak
CVE-2018-16602Information Leak
CVE-2018-16603Information Leak


Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.