CVE-2019-18178

Name of the Vulnerable Software and Affected Versions Real Time Engineers FreeRTOS+FAT version 160919a

Description The issue is related to a use after free error. The function FF Close() is defined in the file ff file.c. The file handler pxFile is freed by ffconfigFREE, which by default is a macro definition of vPortFree(). However, the freed pxFile is reused to flush modified file content from the cache to disk by the function FF FlushCache().

Recommendations For Real Time Engineers FreeRTOS+FAT version 160919a, consider disabling the FF FlushCache() function until a patch is available to prevent the reuse of the freed pxFile handler. Restrict access to the ff file.c module to minimize the risk of exploitation. Avoid using the pxFile handler in the affected FF Close() function until the issue is resolved.