
Update request: Critical Security Vulnerabilities in FreeRTOS v10.3.1 (CVE-2021-32020, CVE-2021-31572) #98

Open
eduardoaugustojulio opened this issue Jan 15, 2025 · 4 comments
Assignees
Labels
bug Something isn't working internal bug tracker Issue confirmed and logged into the internal bug tracking system mw Middleware-related issue or pull-request. rtos Real-Time Operating System spotted before customer Spotted internally before being pointed out by the user but not yet fixed or published

Comments

@eduardoaugustojulio

Caution

The Issues are strictly limited to the reporting of problems encountered with the software provided in this project.

For any other problem related to the STM32 product, the performance, the hardware characteristics and boards, the tools, or the environment in general, please post a topic in the ST Community/STM32 MCUs forum.


Describe the set-up

  • Board: Custom board using the STM32L476.

  • IDE/Compiler: STM32CubeIDE version 1.17.0 with STM32Cube MCU Package for STM32L4 Series 1.18.1.


Describe the bug

The STM32Cube MCU Package for STM32L4 Series 1.18.1 uses FreeRTOS v10.3.1, which is affected by the following critical security vulnerabilities:

  1. CVE-2021-32020: Insufficient bounds checking during management of heap memory.

  2. CVE-2021-31572: Integer overflow in stream_buffer.c for a stream buffer.

  3. CVE-2021-31571: Integer overflow in queue.c for queue creation.

  4. CVE-2021-43997: Lack of prevention for non-kernel code from calling xPortRaisePrivilege to raise privilege.

These vulnerabilities pose significant risks, including unauthorized access, application instability, and denial of service.


How To Reproduce

  1. Global Behavior: The project demonstrates standard FreeRTOS-based multitasking behavior on STM32 boards.

  2. Suspected Modules: FreeRTOS kernel, stream_buffer, queue, xPortRaisePrivilege management, and memory handling.

  3. Use Case: Applications involving tasks with high-priority interrupts or extensive memory operations may trigger these vulnerabilities.

  4. Reproduction Steps:

  • Set up a project using FreeRTOS v10.3.1 on STM32CubeIDE v1.17.0 with the STM32Cube MCU Package for STM32L4 Series 1.18.1.

Additional context

Looking at the STM32 GitHub repository stm32-mw-freertos, FreeRTOS v10.6.2 is already available. This version includes fixes for the mentioned vulnerabilities. I am happy to assist with testing or integration if needed.


Screenshots

Not applicable for this issue.
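Added example (not part of the issue or of the STM32Cube package): a small checker that reads the version macros FreeRTOS defines in task.h and flags any copy older than v10.6.2, the release the issue names as containing the fixes. The `scan_tree` helper and the embedded task.h excerpt are constructed for illustration; the issue does not state a first-fixed release per CVE, so v10.6.2 is used as the single minimum.

```python
"""Flag vendored FreeRTOS kernels older than the release the issue names as fixed.

Hypothetical helper: it parses tskKERNEL_VERSION_NUMBER (or the MAJOR/MINOR/BUILD
integer macros) from task.h and compares the tuple against MIN_FIXED.
"""
import re
from pathlib import Path

# Minimum release the issue reports as containing the fixes (from the issue text).
MIN_FIXED = (10, 6, 2)

# CVEs listed in the issue, used only for the report line.
CVES = ("CVE-2021-32020", "CVE-2021-31572", "CVE-2021-31571", "CVE-2021-43997")

_NUMBER_RE = re.compile(r'#define\s+tskKERNEL_VERSION_NUMBER\s+"V?(\d+)\.(\d+)\.(\d+)"')
_PART_RE = re.compile(r"#define\s+tskKERNEL_VERSION_(MAJOR|MINOR|BUILD)\s+(\d+)")


def parse_kernel_version(task_h_text):
    """Return (major, minor, build) from task.h contents, or None if absent."""
    m = _NUMBER_RE.search(task_h_text)
    if m:
        return tuple(int(x) for x in m.groups())
    # Fall back to the three integer macros when the string macro is missing.
    parts = {k: int(v) for k, v in _PART_RE.findall(task_h_text)}
    if all(k in parts for k in ("MAJOR", "MINOR", "BUILD")):
        return (parts["MAJOR"], parts["MINOR"], parts["BUILD"])
    return None


def assess(task_h_text, minimum=MIN_FIXED):
    """Classify one task.h as 'unknown', 'vulnerable' (older than minimum) or 'ok'."""
    ver = parse_kernel_version(task_h_text)
    if ver is None:
        return "unknown", None
    return ("vulnerable" if ver < minimum else "ok"), ver


def scan_tree(root):
    """Assess every task.h under root; a Cube project may vendor several copies."""
    return {str(p): assess(p.read_text(errors="replace")) for p in Path(root).rglob("task.h")}


# Constructed excerpt mirroring the macro layout of FreeRTOS task.h (not a real file).
SAMPLE_V10_3_1 = '''
#define tskKERNEL_VERSION_NUMBER "V10.3.1"
#define tskKERNEL_VERSION_MAJOR 10
#define tskKERNEL_VERSION_MINOR 3
#define tskKERNEL_VERSION_BUILD 1
'''

if __name__ == "__main__":
    status, ver = assess(SAMPLE_V10_3_1)
    print(f"FreeRTOS {ver}: {status}; issue-listed CVEs: {', '.join(CVES)}")
```

Point `scan_tree` at a generated Cube project to list every vendored task.h with its status.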

@edsonms

edsonms commented Jan 15, 2025

I have the same issue. Can't find a way to upgrade FreeRTOS to v10.6.2 on STM32CubeMX. Version v10.3.1, as explained on the ticket, has cybersecurity vulnerabilities.

@ALABSTM ALABSTM self-assigned this Jan 17, 2025
@ALABSTM ALABSTM added bug Something isn't working spotted before customer Spotted internally before being pointed out by the user but not yet fixed or published mw Middleware-related issue or pull-request. rtos Real-Time Operating System labels Jan 17, 2025
@ALABSTM
Contributor

ALABSTM commented Jan 17, 2025

Hi @eduardoaugustojulio,

Thank you for having reported this. We are already aware of this point and are working on it. By the way, please note that such topics related to vulnerabilities shall be reported elsewhere, as explained in the SECURITY.md file.

With regards,

@ALABSTM ALABSTM moved this from To do to Analyzed in stm32cube-mcu-fw-dashboard Jan 17, 2025
@ALABSTM
Contributor

ALABSTM commented Jan 30, 2025

ST Internal Reference: 190676

@ALABSTM ALABSTM added the internal bug tracker Issue confirmed and logged into the internal bug tracking system label Jan 30, 2025
@ALABSTM
Contributor

ALABSTM commented Jan 30, 2025

Hi @eduardoaugustojulio and @edsonms,

Our teams are working on upgrading to the new FreeRTOS version. This may take time. We cannot share a date for the moment. I will keep you informed.

With regards,
