Memory allocation vulnerabilities of multiple real-time operating systems and libraries
Canon Medical Systems Security Advisory
Overview:
It was announced that there are security vulnerabilities in multiple real-time operating systems (RTOS) and supporting libraries. These vulnerabilities are also tracked as the name BadAlloc. The following RTOS and libraries were discovered to have memory allocation vulnerabilities related to the implementation which have not incorporated proper input validations. Without these input validations, an attacker could exploit the memory allocation function to perform a heap overflow, resulting in execution of malicious code on a target device.
- Amazon FreeRTOS, Version 10.4.1
- Apache Nuttx OS, Version 9.1.0
- ARM CMSIS-RTOS2, versions prior to 2.1.3
- ARM Mbed OS, Version 6.3.0
- ARM mbed-ualloc, Version 1.3.0
- Cesanta Software Mongoose OS, v2.17.0
- eCosCentric eCosPro RTOS, Versions 2.0.1 through 4.5.3
- Google Cloud IoT Device SDK, Version 1.0.2
- Linux Zephyr RTOS, versions prior to 2.4.0
- Media Tek LinkIt SDK, versions prior to 4.6.1
- Micrium OS, Versions 5.10.1 and prior
- Micrium uCOS II/uCOS III Versions 1.39.0 and prior
- NXP MCUXpresso SDK, versions prior to 2.8.2
- NXP MQX, Versions 5.1 and prior
- Redhat newlib, versions prior to 4.0.0
- RIOT OS, Version 2020.01.1
- Samsung Tizen RT RTOS, versions prior 3.0.GBB
- TencentOS-tiny, Version 3.1.0
- Texas Instruments CC32XX, versions prior to 4.40.00.07
- Texas Instruments SimpleLink MSP432E4XX
- Texas Instruments SimpleLink-CC13XX, versions prior to 4.40.00
- Texas Instruments SimpleLink-CC26XX, versions prior to 4.40.00
- Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03
- Uclibc-NG, versions prior to 1.0.36
- Windriver VxWorks, prior to 7.0
- Micrium uC/LIB Version 1.38.xx, Version 1.39.00
- Zephyr Project RTOS, versions prior to 2.5
| CVE ID | Affected RTOS/libraries | Description | CVSS v3 |
| CVE-2021-30636 | Media Tek LinkIt SDK versions prior to 4.6.1 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-27431 | ARM CMSIS RTOS2 versions prior to 2.1.3 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-27433 | ARM mbed-ualloc memory library Version 1.3.0 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-27435 | ARM mbed product Version 6.3.0 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-27427 | RIOT OS Versions 2020.01.1 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-22684 | Samsung Tizen RT RTOS version 3.0.GBB | CWE-190: Integer Overflow or Wraparound | 3.2 |
| CVE-2021-27439 | TencentOS-tiny Version 3.1.0 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-27425 | Cesanta Software Mongoose-OS v2.17.0 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-26461 | Apache Nuttx OS Version 9.1.0 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2020-35198
CVE-2020-28895 |
Wind River VxWorks several versions prior to 7.0 firmware | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-31571
CVE-2021-31572 |
Amazon FreeRTOS Version 10.4.1 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-27417 | eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 | CWE-190: Integer Overflow or Wraparound | 4.6 |
| CVE-2021-3420 | Redhat newlib versions prior to 4.0.0 | CWE-190: Integer Overflow or Wraparound | 9.8 |
| CVE-2021-27421 | NXP MCUXpresso SDK versions prior to 2.8.2 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-22680 | NXP MQX Versions 5.1 and prior | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-27419 | uClibc-ng versions prior to 1.0.37 | CWE-190: Integer Overflow or Wraparound | 7.3 |
| CVE-2021-27429 | Texas Instruments TI-RTOS | CWE-190: Integer Overflow or Wraparound | 7.4 |
| CVE-2021-22636 | Texas Instruments TI-RTOS | CWE-190: Integer Overflow or Wraparound | 7.4 |
| CVE-2021-27504 | Texas Instruments devices running FREERTOS | CWE-190: Integer Overflow or Wraparound | 7.4 |
| CVE-2021-27502 | Texas Instruments TI-RTOS | CWE-190: Integer Overflow or Wraparound | 7.4 |
| (waiting for a CVE ID to be assigned) | Google Cloud IoT Device SDK Version 1.0.2 | CWE-190: Integer Overflow or Wraparound | - |
| CVE-2021-27411 | Micrium OS Versions 5.10.1 and prior | CWE-190: Integer Overflow or Wraparound | 6.5 |
| CVE-2021-26706 | Micrium uC/LIB Versions 1.38.xx, 1.39.00 | CWE-190: Integer Overflow or Wraparound | 7.5 |
| CVE-2021-27407 | Micrium uCOS-II and uCOS-III Versions 1.39.0 and prior | CWE-190: Integer Overflow or Wraparound | 6.5 |
| CVE-2020-13603 | Zephyr Project RTOS versions prior to 2.5 | CWE-190: Integer Overflow or Wraparound | 6.9 |
Possible Affected Canon Medical Systems Products:
Some of Canon medical imaging devices are using VxWorks whose version is prior to 7.0, but it is used in internal components and it is not connected to customer network. Canon Medical Systems Corporation is not using other reported RTOS and libraries in its products. Canon Medical Systems Corporation is currently investigating whether there is any impact to third party components used in the products. If any impact is found, it will be informed to customer immediately.
- Windriver VxWorks, prior to 7.0
Affected Canon Medical Systems Products
・ None
Canon Medical Products under investigation
・ None
Resolution:
・ None
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems global webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
