PT-2022-9788 · Micrium · Micrium uC/OS uC/LIB

Published: 2022-01-24 · Updated: 2022-02-17 · CVE-2021-26706

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Micrium uC/OS uC/LIB versions 1.38.x through 1.39.00

Description: An issue was discovered in the memory allocation functions Mem_PoolCreate, Mem_DynPoolCreate, and Mem_DynPoolCreateHW in lib_mem.c. These functions do not check for integer overflow when computing the size of a pool that would exceed the address space, so sufficiently large block-count and block-size arguments cause the size calculation to wrap. The resulting memory pool is smaller than expected and may be exploited by an attacker.

Recommendations: For Micrium uC/OS uC/LIB versions 1.38.x through 1.39.00, consider disabling the Mem_PoolCreate, Mem_DynPoolCreate, and Mem_DynPoolCreateHW functions until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Integer Overflow

Related Identifiers: CVE-2021-26706

Affected Products: Micrium uC/OS uC/LIB