CVE-2024-28115 - Vulnerability Details - OpenCVE

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Amazon	Freertos

Configuration 1 [-]

cpe:2.3:o:amazon:freertos:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2
https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r

History

Tue, 01 Oct 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amazon Amazon freertos
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:amazon:freertos::::::::
Vendors & Products		Amazon Amazon freertos

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-07T20:54:00.743Z

Updated: 2024-08-28T17:42:09.830Z

Reserved: 2024-03-04T14:19:14.059Z

Link: CVE-2024-28115

Vulnrichment

Updated: 2024-08-02T00:48:49.237Z

NVD

Status : Modified

Published: 2024-03-07T21:15:08.567

Modified: 2024-11-21T09:05:50.867

Link: CVE-2024-28115

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28115", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-04T14:19:14.059Z", "datePublished": "2024-03-07T20:54:00.743Z", "dateUpdated": "2024-08-28T17:42:09.830Z"}, "containers": {"cna": {"title": "Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"}, {"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"}], "affected": [{"vendor": "FreeRTOS", "product": "FreeRTOS-Kernel", "versions": [{"version": "< 10.6.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-07T20:54:00.743Z"}, "descriptions": [{"lang": "en", "value": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. "}], "source": {"advisory": "GHSA-xcv7-v92w-gq6r", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.237Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"}, {"name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"}]}, {"affected": [{"vendor": "freertos", "product": "freertos-kernel", "cpes": ["cpe:2.3:o:freertos:freertos-kernel:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "10.6.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-08T19:12:30.872230Z", "id": "CVE-2024-28115", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T17:42:09.830Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r", "name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2", "name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.237Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28115", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-08T19:12:30.872230Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:freertos:freertos-kernel:*:*:*:*:*:*:*:*"], "vendor": "freertos", "product": "freertos-kernel", "versions": [{"status": "affected", "version": "0", "lessThan": "10.6.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T17:42:02.912Z"}}], "cna": {"title": "Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled", "source": {"advisory": "GHSA-xcv7-v92w-gq6r", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "FreeRTOS", "product": "FreeRTOS-Kernel", "versions": [{"status": "affected", "version": "< 10.6.2"}]}], "references": [{"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r", "name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2", "name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. "}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-07T20:54:00.743Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28115", "state": "PUBLISHED", "dateUpdated": "2024-08-28T17:42:09.830Z", "dateReserved": "2024-03-04T14:19:14.059Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-07T20:54:00.743Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amazon:freertos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BA95DB2-A48A-46A8-B589-F17236ECB4AC", "versionEndExcluding": "10.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. "}, {"lang": "es", "value": "FreeRTOS es un sistema operativo en tiempo real para microcontroladores. Las versiones del kernel de FreeRTOS hasta la 10.6.1 no protegen suficientemente contra la escalada de privilegios locales a trav\u00e9s de t\u00e9cnicas de programaci\u00f3n orientada al retorno en caso de que exista una vulnerabilidad que permita la inyecci\u00f3n y ejecuci\u00f3n de c\u00f3digo. Estos problemas afectan a los puertos MPU ARMv7-M y a los puertos ARMv8-M con soporte de unidad protegida de memoria (MPU) habilitado (es decir, `configENABLE_MPU` establecido en 1). Estos problemas se solucionan en la versi\u00f3n 10.6.2 con un nuevo contenedor MPU."}], "id": "CVE-2024-28115", "lastModified": "2024-11-21T09:05:50.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-07T21:15:08.567", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"}, {"source": "security-advisories@github.com", "tags": ["Technical Description", "Vendor Advisory"], "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Vendor Advisory"], "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}