Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

FreeRTOS affected by 13 vulnerabilities in its TCP/IP stack

Save for later
  • 2 min read
  • 23 Oct 2018

article-image

FreeRTOS, a popular real-time operating system kernel for embedded devices, is found to have 13 vulnerabilities, as reported by Bleeping Computers yesterday. A part of these 13 vulnerabilities results in flaws in its remote code execution.

FreeRTOS supports more than 40 hardware platforms and powers microcontrollers in a diverse range of products including temperature monitors, appliances, sensors, fitness trackers, and any microcontroller-based devices. Although it works at a smaller component scale, it lacks the complexity that comes with more elaborate hardware. However, it allows processing of data as it comes in.

A researcher at Zimperium, Ori Karliner, analyzed the operating system and found that all of its varieties are vulnerable to:

  • 4 remote code execution bugs,
  • 1 denial of service,
  • 7 information leak, and
  • another security problem which is yet undisclosed


Here’s a full list of the vulnerabilities and their identifiers, that affect FreeRTOS:







Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at $19.99/month. Cancel anytime










CVE-2018-16522 Remote Code Execution
CVE-2018-16525 Remote Code Execution
CVE-2018-16526 Remote Code Execution
CVE-2018-16528 Remote Code Execution
CVE-2018-16523 Denial of Service
CVE-2018-16524 Information Leak
CVE-2018-16527   Information Leak
CVE-2018-16599 Information Leak
CVE-2018-16600 Information Leak
CVE-2018-16601 Information Leak
CVE-2018-16602 Information Leak
CVE-2018-16603 Information Leak
CVE-2018-16598 Other

FreeRTOS versions affected by the vulnerability


FreeRTOS versions up to V10.0.1, AWS FreeRTOS up to V1.3.1, OpenRTOS and SafeRTOS (With WHIS Connect middleware TCP/IP components) are affected.

Amazon has been notified of the situation. In response to this, the company has released patches to mitigate the problems.

Per the report, “Amazon decided to become involved in the development of the product for the Internet-of-Things segment. The company extended the kernel by adding libraries to support cloud connectivity, security and over-the-air updates.”

According to Bleeping Computers, “Zimperium is not releasing any technical details at the moment. This is to allow smaller vendors to patch the vulnerabilities. The wait time expires in 30 days.”

To know more about these vulnerabilities in detail, visit the full coverage by Bleeping Computers.

NSA researchers present security improvements for Zephyr and Fucshia at Linux Security Summit 2018

How the Titan M chip will improve Android security

EFF kicks off its Coder’s Rights project with a paper on protecting security researchers’ rights