79704b8213
It was possible for a third party that had already independently gained the ability to execute injected code to achieve further privilege escalation by branching directly inside a FreeRTOS MPU API wrapper function with a manually crafted stack frame. This commit removes the local stack variable `xRunningPrivileged` so that a manually crafted stack frame cannot be used for privilege escalation by branching directly inside a FreeRTOS MPU API wrapper. We thank Certibit Consulting, LLC, Huazhong University of Science and Technology and the SecLab team at Northeastern University for reporting this issue. Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com> |
||
---|---|---|
.. | ||
78K0R | ||
ARM_CA5_No_GIC | ||
ARM_CA9 | ||
ARM_CM0 | ||
ARM_CM3 | ||
ARM_CM4F | ||
ARM_CM4F_MPU | ||
ARM_CM7 | ||
ARM_CM23 | ||
ARM_CM23_NTZ/non_secure | ||
ARM_CM33 | ||
ARM_CM33_NTZ/non_secure | ||
ARM_CM55 | ||
ARM_CM55_NTZ/non_secure | ||
ARM_CM85 | ||
ARM_CM85_NTZ/non_secure | ||
ARM_CRx_No_GIC | ||
ATMega323 | ||
AtmelSAM7S64 | ||
AtmelSAM9XE | ||
AVR32_UC3 | ||
AVR_AVRDx | ||
AVR_Mega0 | ||
LPC2000 | ||
MSP430 | ||
MSP430X | ||
RISC-V | ||
RL78 | ||
RX100 | ||
RX600 | ||
RX700v3_DPFPU | ||
RXv2 | ||
STR71x | ||
STR75x | ||
STR91x | ||
V850ES |