Regarding BadAlloc – Memory allocation vulnerabilities

Postby axellin » Thu Oct 14, 2021 1:49 am

Is the ESP-IDF impacted by "BadAlloc" vulnerabilities?
If yes, do you have a fix for it?

https://searchsecurity.techtarget.com/n ... OT-devices
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04

Postby axellin » Sat Oct 16, 2021 3:23 am

I think the impacted components in esp-idf are FreeRTOS and newlib.

For FreeRTOS, I can find upstream fixes merged to esp-idf.
CVE-2021-31571
https://github.com/FreeRTOS/FreeRTOS-Ke ... f81d7c4837

v4.3: 658a0acdbef252928054f6f7feb6bb01462864ae

CVE-2021-31572
https://github.com/FreeRTOS/FreeRTOS-Ke ... 34ae44db5b

v4.3: d30ec8c94e94625fd39518162df162c9cac95673

For newlib, I'm not sure if this is fixed in esp-idf or not.
CVE-2021-3420
https://nvd.nist.gov/vuln/detail/CVE-2021-3420
https://bugzilla.redhat.com/show_bug.cgi?id=1934088

Maybe it's not impacted because esp-idf uses the TLSF allocator?
Can someone from Espressif confirm this?

Postby ESP_Sprite » Mon Oct 18, 2021 12:52 am

Thanks for waiting - I'm decently sure I remember we handled this, but I'll poke the security team to figure out the details.

EDIT: Seems we did fix these issues (although only some were applicable to our codebase); however, an advisory is still in the pipeline. Will post here as soon as it's released.

Postby axellin » Thu Oct 21, 2021 8:52 am

If it needs a longer time to release the official advisory, can you please confirm if all fixes are already included in the current esp-idf tree?

If it takes time to fix issues, that's fine.
But I want to know if the current esp-idf tree is OK or if additional fixes need to be merged?

Postby ESP_Sprite » Fri Oct 22, 2021 8:16 am

It's fixed in master, 4.3, 4.2.2 and later (for the 4.2 branch), 4.1.2 (for the 4.1 branch), 4.0.3 (for the 4.0 branch); additionally it will be fixed in 3.3.6 (for the 3.3 branch).

Postby axellin » Wed Oct 27, 2021 1:00 pm
