CVE-2021-27504

HIGH

Amazon FreeRTOS - Integer Overflow in malloc

Title source: llm

Description

Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code execution.

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04

Product

https://www.ti.com/tool/TI-RTOS-MCU

Scores

CVSS v3 7.4

EPSS 0.0009

EPSS Percentile 24.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (6)

amazon/freertos 10.4.1

ti/simplelink_cc13xx_software_development_kit < 4.40.00

ti/simplelink_cc26xx_software_development_kit < 4.40.00

ti/simplelink_cc32xx_software_development_kit < 4.10.03

ti/simplelink_msp432e401y

ti/simplelink_msp432e411y

Published Nov 21, 2023

Tracked Since Feb 18, 2026