ARM CMSIS RTOS2 Integer Overflow or Wraparound

CVE-2021-27431

7.3HIGH

Key Information

Vendor: Arm
Status: Cmsis Rtos2
Vendor: CVE Published:; 3 May 2022

Summary

ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.

Affected Version(s)

CMSIS RTOS2 < 2.1.3

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 7.3 - (HIGH)
Feb 22, 2024
Vulnerability published.
May 3, 2022
Vulnerability Reserved.
Feb 19, 2021

Collectors

NVD DatabaseMitre Database

Credit

David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA.