CVE-2021-27504
7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Texas Instruments | CC32XX | 0 < 4.40.00.07 | affected |
| Texas Instruments | SimpleLink MSP432E4XX | all versions | affected |
| Texas Instruments | SimpleLink-CC13XX | 0 < 4.40.00 | affected |
| Texas Instruments | SimpleLink-CC26XX | 0 < 4.40.00 | affected |
| Texas Instruments | SimpleLink-CC32XX | 0 < 4.10.03 | affected |
Weaknesses
- CWE-190: CWE-190: Integer Overflow or Wraparound
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.