Privilege Escalation in FreeRTOS by Amazon Web Services

CVE-2021-43997

What is CVE-2021-43997?

FreeRTOS versions 10.2.0 to 10.4.5 are susceptible to privilege escalation due to improper validation, allowing non-kernel code to call the xPortRaisePrivilege function and manipulate the system's privilege levels. In versions up to 10.4.6, attackers could exploit this flaw with crafted stack frames to further escalate privileges via the FreeRTOS MPU API. This impacts systems utilizing ARMv7-M and ARMv8-M with MPU support enabled. The vulnerability has been addressed in FreeRTOS version 10.5.0 and in version 10.4.3-LTS Patch 3.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References