Search

Memory allocation vulnerabilities of multiple real-time operating systems and libraries

Canon Medical Systems Security Advisory

Overview:
It was announced that there are security vulnerabilities in multiple real-time operating systems (RTOS) and supporting libraries. These vulnerabilities are also tracked as the name BadAlloc. The following RTOS and libraries were discovered to have memory allocation vulnerabilities related to the implementation which have not incorporated proper input validations. Without these input validations, an attacker could exploit the memory allocation function to perform a heap overflow, resulting in execution of malicious code on a target device.

Amazon FreeRTOS, Version 10.4.1
Apache Nuttx OS, Version 9.1.0
ARM CMSIS-RTOS2, versions prior to 2.1.3
ARM Mbed OS, Version 6.3.0
ARM mbed-ualloc, Version 1.3.0
Cesanta Software Mongoose OS, v2.17.0
eCosCentric eCosPro RTOS, Versions 2.0.1 through 4.5.3
Google Cloud IoT Device SDK, Version 1.0.2
Linux Zephyr RTOS, versions prior to 2.4.0
Media Tek LinkIt SDK, versions prior to 4.6.1
Micrium OS, Versions 5.10.1 and prior
Micrium uCOS II/uCOS III Versions 1.39.0 and prior
NXP MCUXpresso SDK, versions prior to 2.8.2
NXP MQX, Versions 5.1 and prior
Redhat newlib, versions prior to 4.0.0
RIOT OS, Version 2020.01.1
Samsung Tizen RT RTOS, versions prior 3.0.GBB
TencentOS-tiny, Version 3.1.0
Texas Instruments CC32XX, versions prior to 4.40.00.07
Texas Instruments SimpleLink MSP432E4XX
Texas Instruments SimpleLink-CC13XX, versions prior to 4.40.00
Texas Instruments SimpleLink-CC26XX, versions prior to 4.40.00
Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03
Uclibc-NG, versions prior to 1.0.36
Windriver VxWorks, prior to 7.0
Micrium uC/LIB Version 1.38.xx, Version 1.39.00
Zephyr Project RTOS, versions prior to 2.5

Vulnerability Overview:

CVE ID	Affected RTOS/libraries	Description	CVSS v3
CVE-2021-30636	Media Tek LinkIt SDK versions prior to 4.6.1	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-27431	ARM CMSIS RTOS2 versions prior to 2.1.3	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-27433	ARM mbed-ualloc memory library Version 1.3.0	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-27435	ARM mbed product Version 6.3.0	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-27427	RIOT OS Versions 2020.01.1	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-22684	Samsung Tizen RT RTOS version 3.0.GBB	CWE-190: Integer Overflow or Wraparound	3.2
CVE-2021-27439	TencentOS-tiny Version 3.1.0	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-27425	Cesanta Software Mongoose-OS v2.17.0	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-26461	Apache Nuttx OS Version 9.1.0	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2020-35198 CVE-2020-28895	Wind River VxWorks several versions prior to 7.0 firmware	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-31571 CVE-2021-31572	Amazon FreeRTOS Version 10.4.1	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-27417	eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3	CWE-190: Integer Overflow or Wraparound	4.6
CVE-2021-3420	Redhat newlib versions prior to 4.0.0	CWE-190: Integer Overflow or Wraparound	9.8
CVE-2021-27421	NXP MCUXpresso SDK versions prior to 2.8.2	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-22680	NXP MQX Versions 5.1 and prior	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-27419	uClibc-ng versions prior to 1.0.37	CWE-190: Integer Overflow or Wraparound	7.3
CVE-2021-27429	Texas Instruments TI-RTOS	CWE-190: Integer Overflow or Wraparound	7.4
CVE-2021-22636	Texas Instruments TI-RTOS	CWE-190: Integer Overflow or Wraparound	7.4
CVE-2021-27504	Texas Instruments devices running FREERTOS	CWE-190: Integer Overflow or Wraparound	7.4
CVE-2021-27502	Texas Instruments TI-RTOS	CWE-190: Integer Overflow or Wraparound	7.4
(waiting for a CVE ID to be assigned)	Google Cloud IoT Device SDK Version 1.0.2	CWE-190: Integer Overflow or Wraparound	-
CVE-2021-27411	Micrium OS Versions 5.10.1 and prior	CWE-190: Integer Overflow or Wraparound	6.5
CVE-2021-26706	Micrium uC/LIB Versions 1.38.xx, 1.39.00	CWE-190: Integer Overflow or Wraparound	7.5
CVE-2021-27407	Micrium uCOS-II and uCOS-III Versions 1.39.0 and prior	CWE-190: Integer Overflow or Wraparound	6.5
CVE-2020-13603	Zephyr Project RTOS versions prior to 2.5	CWE-190: Integer Overflow or Wraparound	6.9

Possible Affected Canon Medical Systems Products:
Some of Canon medical imaging devices are using VxWorks whose version is prior to 7.0, but it is used in internal components and it is not connected to customer network. Canon Medical Systems Corporation is not using other reported RTOS and libraries in its products. Canon Medical Systems Corporation is currently investigating whether there is any impact to third party components used in the products. If any impact is found, it will be informed to customer immediately.

Windriver VxWorks, prior to 7.0

Affected Canon Medical Systems Products
・ None

Canon Medical Products under investigation
・ None

Resolution:
・ None

Due to medical device regulatory reasons, not all products/service displayed on this webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Group representative for further details.

Development and manufacturing functions of Canon Medical Systems Corporation have been transferred to CANON INC. In this website, any reference to “Canon Medical Systems Corporation” refers to “CANON INC.”