Vulnerability Description
Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Silabs | Micrium Os | <= 5.10.1 |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04Third Party AdvisoryUS Government Resource
- https://www.silabs.com/developers/micrium-osProductVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04Third Party AdvisoryUS Government Resource
- https://www.silabs.com/developers/micrium-osProductVendor Advisory
FAQ
What is CVE-2021-27411?
CVE-2021-27411 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitra...
How severe is CVE-2021-27411?
CVE-2021-27411 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27411?
Check the references section above for vendor advisories and patch information. Affected products include: Silabs Micrium Os.