Vulnerability Description
On Texas Instruments devices running FreeRTOS, an integer overflow in the size arithmetic of 'malloc' causes a request for an extremely large size to wrap, so malloc returns a valid pointer to a buffer far smaller than requested instead of failing. Writes sized to the original request then overrun the heap, which can result in code execution.
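How this bug class plays out, as an added example that is not the page's own code and not FreeRTOS or TI code: a toy arena allocator whose size arithmetic (header added, then rounded up to the alignment) wraps on a near-SIZE_MAX request and hands back a block with zero usable bytes, next to a hardened variant that bounds the request to the arena and guards each addition. The arena layout, the `toy_malloc_*` functions, `probe` and `demo_header_clobber` are assumptions made for illustration; the real FreeRTOS heap implementation is not reproduced here.

```c
/*
 * Toy arena allocator that reproduces the bug class on this page:
 * "header + alignment round-up" size arithmetic with no overflow check.
 * Illustrative code written for this page, not FreeRTOS or TI code.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEAP_SIZE  1024u
#define ALIGN      8u
#define ALIGN_MASK ((size_t)(ALIGN - 1u))

typedef struct {
    size_t block_size;           /* bytes in this block, header included */
} block_hdr_t;

/* header rounded up to the alignment, as most embedded heaps do */
#define HDR_SIZE ((sizeof(block_hdr_t) + ALIGN_MASK) & ~ALIGN_MASK)

static union {
    uint8_t bytes[HEAP_SIZE];
    size_t  align;               /* forces sensible alignment of bytes[] */
} heap;
static size_t heap_used;

void toy_heap_reset(void) { heap_used = 0; }

/* Bump-allocate `total` bytes (header included); NULL when the arena is full. */
static void *carve(size_t total)
{
    block_hdr_t *hdr;
    if (total > HEAP_SIZE - heap_used)
        return NULL;
    hdr = (block_hdr_t *)(heap.bytes + heap_used);
    hdr->block_size = total;
    heap_used += total;
    return (uint8_t *)hdr + HDR_SIZE;
}

/* Usable bytes behind a pointer returned by either allocator below. */
size_t toy_usable_size(const void *p)
{
    const block_hdr_t *hdr = (const block_hdr_t *)((const uint8_t *)p - HDR_SIZE);
    return hdr->block_size - HDR_SIZE;
}

/* VULNERABLE: both additions may wrap, so a request of SIZE_MAX - 4 becomes 8. */
void *toy_malloc_unchecked(size_t wanted)
{
    size_t total = wanted + HDR_SIZE;                 /* wraps for huge wanted */
    if (total & ALIGN_MASK)
        total += ALIGN - (total & ALIGN_MASK);        /* may wrap again */
    return carve(total);
}

/* HARDENED: bound the request to the arena, then guard every addition. */
void *toy_malloc_checked(size_t wanted)
{
    size_t total, pad;
    if (wanted > HEAP_SIZE)                           /* no legitimate request exceeds the heap */
        return NULL;
    if (wanted > SIZE_MAX - HDR_SIZE)                 /* addition would wrap: refuse */
        return NULL;
    total = wanted + HDR_SIZE;
    pad = (total & ALIGN_MASK) ? ALIGN - (total & ALIGN_MASK) : 0;
    if (total > SIZE_MAX - pad)                       /* addition would wrap: refuse */
        return NULL;
    total += pad;
    return carve(total);
}

/* Reset the arena, allocate once, and report what the caller really got:
 * the usable byte count, or (size_t)-1 when the allocator refused. */
size_t probe(void *(*alloc)(size_t), size_t wanted)
{
    void *p;
    toy_heap_reset();
    p = alloc(wanted);
    return p ? toy_usable_size(p) : (size_t)-1;
}

/* The consequence: the zero-byte block from the wrapped request sits directly
 * against the next block's header, so a write the caller believes is in bounds
 * rewrites that header. Returns the neighbour's recorded usable size after the
 * write; it was 16 before. */
size_t demo_header_clobber(void)
{
    uint8_t *a, *b;
    toy_heap_reset();
    a = toy_malloc_unchecked(SIZE_MAX - 4);           /* attacker-chosen length */
    b = toy_malloc_unchecked(16);
    if (a == NULL || b == NULL)
        return 0;
    memset(a, 'X', 16);                               /* "fits" in SIZE_MAX - 4 */
    return toy_usable_size(b);
}

int main(void)
{
    printf("unchecked, request SIZE_MAX-4: usable %zu bytes\n",
           probe(toy_malloc_unchecked, SIZE_MAX - 4));
    printf("checked,   request SIZE_MAX-4: %s\n",
           probe(toy_malloc_checked, SIZE_MAX - 4) == (size_t)-1 ? "refused" : "allocated");
    printf("neighbour block usable size after 16-byte write: %zu (was 16)\n",
           demo_header_clobber());
    return 0;
}
```

The arena-size bound alone already makes the wrap checks unreachable here; they are kept because allocators that grow their heap or take sizes from a length field in a received frame have no such natural ceiling, and the per-addition guards are what catch the wrap on a 32-bit Cortex-M target where size_t is 32 bits.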
CVSS Score
HIGH (base score 7.4/10)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | FreeRTOS | 10.4.1 |
| TI | SimpleLink CC13xx Software Development Kit | < 4.40.00 |
| TI | SimpleLink CC26xx Software Development Kit | < 4.40.00 |
| TI | SimpleLink CC32xx Software Development Kit | < 4.10.03 |
| TI | SimpleLink MSP432E401Y | - |
| TI | SimpleLink MSP432E411Y | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 (Third Party Advisory, US Government Resource)
- https://www.ti.com/tool/TI-RTOS-MCU (Product)
FAQ
What is CVE-2021-27504?
CVE-2021-27504 is a vulnerability with a CVSS score of 7.4 (HIGH). On Texas Instruments devices running FreeRTOS, an integer overflow in the size arithmetic of 'malloc' causes a request for an extremely large size to wrap, so malloc returns a valid pointer to a buffer far smaller than requested; subsequent writes overrun the heap and can result in code execution.
How severe is CVE-2021-27504?
CVE-2021-27504 has been rated HIGH with a CVSS base score of 7.4/10. This page lists only the base score and rating; the full CVSS vector is given in the CISA advisory linked under References.
Is there a patch for CVE-2021-27504?
Check the references section above for vendor advisories and patch information. The version ranges in the affected-products table give the fix level: SimpleLink CC13xx and CC26xx SDK 4.40.00 and later, and CC32xx SDK 4.10.03 and later, are not listed as affected, while no fixed version is listed for the MSP432E401Y and MSP432E411Y entries. Affected products include: Amazon FreeRTOS 10.4.1, TI SimpleLink CC13xx Software Development Kit, TI SimpleLink CC26xx Software Development Kit, TI SimpleLink CC32xx Software Development Kit, TI SimpleLink MSP432E401Y and TI SimpleLink MSP432E411Y.