len0rd/FreeRTOS-Kernel
1
0
Fork 0
mirror of https://github.com/FreeRTOS/FreeRTOS-Kernel.git synced 2025-08-20 10:08:33 -04:00
Code Issues Projects Releases Packages Wiki Activity

Remove local stack variable form MPU wrappers

Browse source 
It was possible for a third party that had already independently gained
the ability to execute injected code to achieve further privilege
escalation by branching directly inside a FreeRTOS MPU API wrapper
function with a manually crafted stack frame. This commit removes the
local stack variable `xRunningPrivileged` so that a manually crafted
stack frame cannot be used for privilege escalation by branching
directly inside a FreeRTOS MPU API wrapper.

We thank Certibit Consulting, LLC, Huazhong University of Science and
Technology and the SecLab team at Northeastern University for reporting
this issue.

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
This commit is contained in:
Gaurav Aggarwal 2022-09-07 14:57:37 +05:30 committed by Gaurav-Aggarwal-AWS
parent c2d616eaee
commit 79704b8213
7 changed files with 1693 additions and 490 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/lexicon.txt vendored
View file

@ -2547,7 +2547,6 @@ vportgetheapstats
vportinitialiseblocks
vportisrstartfirststask
vportraisebasepri
vportresetprivilege
vportsetmpuregistersetone
vportsetuptimerinterrupt
vportstartfirststask
@ -2872,7 +2871,6 @@ xperiod
xportgetcoreid
xportgetfreeheapsize
xportinstallinterrupthandler
xportraiseprivilege
xportregistercinterrupthandler
xportregisterdump
xportstartfirsttask