
Regarding BadAlloc – Memory allocation vulnerabilities

Posted: Thu Oct 14, 2021 1:49 am
by axellin
Is the ESP-IDF impacted by "BadAlloc" vulnerabilities?
If yes, do you have a fix for it?

https://searchsecurity.techtarget.com/n ... OT-devices
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04

Re: Regarding BadAlloc – Memory allocation vulnerabilities

Posted: Sat Oct 16, 2021 3:23 am
by axellin
I think the impacted components in esp-idf are FreeRTOS and newlib.

For FreeRTOS, I can find upstream fixes merged to esp-idf.
CVE-2021-31571
https://github.com/FreeRTOS/FreeRTOS-Ke ... f81d7c4837

v4.3: 658a0acdbef252928054f6f7feb6bb01462864ae

CVE-2021-31572
https://github.com/FreeRTOS/FreeRTOS-Ke ... 34ae44db5b

v4.3: d30ec8c94e94625fd39518162df162c9cac95673

For newlib, I'm not sure if this is fixed in esp-idf or not.
CVE-2021-3420
https://nvd.nist.gov/vuln/detail/CVE-2021-3420
https://bugzilla.redhat.com/show_bug.cgi?id=1934088

Maybe it's not impacted because esp-idf uses the TLSF allocator?
Can someone from Espressif confirm this?

Re: Regarding BadAlloc – Memory allocation vulnerabilities

Posted: Mon Oct 18, 2021 12:52 am
by ESP_Sprite
Thanks for waiting - I'm decently sure I remember we handled this, but I'll poke the security team to figure out the details.

EDIT: Seems we did fix these issues (although only some were applicable to our codebase); however, an advisory is still in the pipeline. Will post here as soon as it's released.

Re: Regarding BadAlloc – Memory allocation vulnerabilities

Posted: Thu Oct 21, 2021 8:52 am
by axellin
If it needs a longer time to release the official advisory, can you please confirm if all fixes are already included in the current esp-idf tree?

If it takes time to fix issues, that's fine.
But I want to know if the current esp-idf tree is OK or if additional fixes are required to be merged?

Re: Regarding BadAlloc – Memory allocation vulnerabilities

Posted: Fri Oct 22, 2021 8:16 am
by ESP_Sprite
It's fixed in master, 4.3, 4.2.2 and later (for the 4.2 branch), 4.1.2 (for the 4.1 branch), 4.0.3 (for the 4.0 branch); additionally it will be fixed in 3.3.6 (for the 3.3 branch).

Re: Regarding BadAlloc – Memory allocation vulnerabilities

Posted: Wed Oct 27, 2021 1:00 pm
by axellin