VDB
CVE-2024-28115
CVE-2024-28115
PUBLISHED
CVSS 8.800000190734863 HIGH
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.
EPSS 0.04% · 10.9th percentile
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.04%
10.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeRTOS | FreeRTOS-Kernel | * |
| amazon | freertos | 0 |
| freertos | freertos-kernel | 0 |
Timeline
- Jan 21, 1970 Security Advisory
- Mar 7, 2024 CVE Published
- Mar 8, 2024 EPSS Score
- Apr 3, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- May 26, 2024 EPSS Score
- Jun 21, 2024 EPSS Score
- Jul 17, 2024 EPSS Score
- Aug 12, 2024 EPSS Score
- Aug 28, 2024 CVE Updated
- Sep 8, 2024 EPSS Score
- Oct 4, 2024 EPSS Score