CVE-2021-43997

Name of the Vulnerable Software and Affected Versions: FreeRTOS versions 10.2.0 through 10.4.5 FreeRTOS versions through 10.4.6

Description: The issue affects FreeRTOS on ARMv7-M and ARMv8-M MPU platforms, where non-kernel code can call internal functions to raise privilege. This can lead to privilege escalation by a third party that has already gained the ability to execute injected code. The issue is fixed in version 10.5.0 and in version 10.4.3-LTS Patch 3 for the LTS branch.

Recommendations: For FreeRTOS versions 10.2.0 through 10.4.5, update to version 10.5.0 or apply the patch from version 10.4.3-LTS Patch 3 to fix the issue. For FreeRTOS versions through 10.4.6, update to version 10.5.0 to prevent further privilege escalation. As a temporary workaround, consider restricting access to the xPortRaisePrivilege and vPortResetPrivilege internal functions until a patch is available.