Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve further privilege escalation by branching directly inside a FreeRTOS MPU API wrapper function with a manually crafted stack frame. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with MPU support enabled (i.e. configENABLE_MPU set to 1). These are fixed in V10.5.0 and in V10.4.3-LTS Patch 3.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Amazon FreeRTOS 代码问题漏洞
Vulnerability Description
Amazon FreeRTOS是美国亚马逊(Amazon)公司的一套适用于微控制器的开源操作系统。 Amazon FreeRTOS 中存在代码问题漏洞,该漏洞源于产品未对xportraisprivilege和vPortResetPrivilege内部函数的调用添加有效权限。攻击者可通过该漏洞通过非内核代码调用该函数。以下产品及版本受到影响:Amazon FreeRTOS 10.2.0 至 10.4.5 版本。
CVSS Information
N/A
Vulnerability Type
N/A