CVE Published: 03/05/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2021 Source: icscert |
Vendor: ARM |
Product: CMSIS RTOS2 Status : PUBLISHED
CVE-2021-27431 Description
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
Metrics
CVSS Version: 3.1 |
Base Score: 7.3 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L