PT-2022-9809 · Micrium · Micrium Os
Published 2022-05-03 · Updated 2022-05-12 · CVE-2021-27411
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Micrium OS versions 5.10.1 and prior
Description
The issue is related to integer wrap-around in the functions Mem_DynPoolCreate, Mem_DynPoolCreateHW, and Mem_PoolCreate. This can lead to unverified memory assignment, resulting in arbitrary memory allocation and unexpected behavior, such as allocating very small blocks of memory instead of very large ones.
Recommendations
For Micrium OS versions 5.10.1 and prior, consider disabling the functions Mem_DynPoolCreate, Mem_DynPoolCreateHW, and Mem_PoolCreate until a patch is available to prevent arbitrary memory allocation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Integer Overflow
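
The wrap-around described above, shown as an added C example that is not Micrium OS code and not part of the original advisory: a pool size computed as block count times block size in 32 bits, next to a version that verifies the arithmetic before allocating. The names `pool_t`, `pool_bytes_unchecked`, `pool_bytes_checked` and `pool_create`, and all input values, are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical pool descriptor for illustration; not a Micrium OS type. */
typedef struct {
    void    *base;      /* backing storage for all blocks */
    uint32_t blk_size;  /* bytes per block after alignment */
    uint32_t blk_cnt;   /* number of blocks */
} pool_t;

/* Unchecked sizing: the 32-bit product wraps silently. */
uint32_t pool_bytes_unchecked(uint32_t blk_cnt, uint32_t blk_size)
{
    return blk_cnt * blk_size;
}

/* Checked sizing: align must be a power of two, limit caps the reservation. */
int pool_bytes_checked(uint32_t blk_cnt, uint32_t blk_size, uint32_t align,
                       uint32_t limit, uint32_t *out)
{
    if (blk_cnt == 0 || blk_size == 0) return -1;
    if (align == 0 || (align & (align - 1)) != 0) return -1;
    if (blk_size > UINT32_MAX - (align - 1)) return -1;  /* round-up would wrap */
    blk_size = (blk_size + align - 1) & ~(align - 1);
    if (blk_cnt > limit / blk_size) return -1;           /* product exceeds limit */
    *out = blk_cnt * blk_size;
    return 0;
}

/* Create a pool only after the size has been verified. */
int pool_create(pool_t *p, uint32_t blk_cnt, uint32_t blk_size,
                uint32_t align, uint32_t limit)
{
    uint32_t bytes;
    if (pool_bytes_checked(blk_cnt, blk_size, align, limit, &bytes) != 0) return -1;
    if ((p->base = malloc(bytes)) == NULL) return -1;
    p->blk_size = bytes / blk_cnt;
    p->blk_cnt  = blk_cnt;
    return 0;
}

int main(void)
{
    pool_t p;
    /* Constructed input: 0x10000 blocks of 0x10001 bytes is just over 4 GiB. */
    printf("unchecked: %u bytes\n", (unsigned)pool_bytes_unchecked(0x10000u, 0x10001u));
    printf("checked:   %d\n", pool_create(&p, 0x10000u, 0x10001u, 4u, 1u << 20));
    return 0;
}
```

The division-based comparison rejects the request before any multiplication is performed, so the check itself cannot wrap.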
Weakness Enumeration
Related Identifiers
Affected Products
Micrium Os