First published: Mon Jan 24 2022
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mediatek Linkit Software Development Kit | <4.6.1 | |
Amazon FreeRTOS | | |
Apache NuttX | | |
ARM CMSIS-RTOS2 | | |
Arm Mbed OS | | |
Arm Mbed ualloc | | |
QNX | | |
BlackBerry QNX OS for Safety | | |
BlackBerry QNX OS for Medical | | |
QNX | | |
Mongoose OS | | |
eCosCentric eCosPro RTOS | | |
Google Cloud IoT Device SDK | | |
MediaTek LinkIt SDK | | |
Micrium OS | | |
Micrium uC/OS | | |
NXP MCUXpresso SDK | | |
NXP MQX | | |
newlib | | |
RIOT OS | | |
Samsung Tizen RT | | |
TencentOS-tiny | | |
Texas Instruments SimpleLink CC32XX | | |
Texas Instruments SimpleLink MSP432E4 SDK | | |
Texas Instruments SimpleLink CC13X2 SDK | | |
Texas Instruments SimpleLink CC26XX | | |
Texas Instruments SimpleLink CC32XX | | |
uClibc | | |
Wind River VxWorks | | |
Zephyr Project RTOS | | |
The severity of CVE-2021-30636 is considered high due to the potential for memory corruption leading to denial of service or arbitrary code execution.
To mitigate CVE-2021-30636, upgrade to MediaTek LinkIt SDK version 4.6.1 or later, or apply the recommended patches from the vendor.
MediaTek LinkIt SDK versions prior to 4.6.1 are affected by CVE-2021-30636.
CVE-2021-30636 also impacts other software, including Amazon FreeRTOS, Apache NuttX, and several ARM and QNX products.
CVE-2021-30636 is associated with memory corruption vulnerabilities due to integer overflow during memory allocation.
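The integer-overflow pattern named in the description, shown beside an overflow-checked allocation, as an added C example (not MediaTek's code and not taken from the LinkIt SDK). The names `unchecked_total`, `checked_total`, `checked_calloc` and the `HDR_SIZE` value are hypothetical, and `malloc` stands in for the RTOS heap allocator.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 16u /* assumed per-block heap header size (constructed value) */

/* Unchecked pattern: nmemb * size wraps modulo SIZE_MAX + 1, so the heap
 * is asked for far fewer bytes than the caller will later write. */
size_t unchecked_total(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Checked form: returns 0 and stores nmemb * size + HDR_SIZE in *out,
 * or returns -1 if either the multiply or the add would overflow. */
int checked_total(size_t nmemb, size_t size, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;
    size_t payload = nmemb * size;
    if (payload > SIZE_MAX - HDR_SIZE)
        return -1;
    *out = payload + HDR_SIZE;
    return 0;
}

/* Hypothetical hardened calloc; malloc stands in for the RTOS allocator. */
void *checked_calloc(size_t nmemb, size_t size)
{
    size_t total;
    if (checked_total(nmemb, size, &total) != 0)
        return NULL; /* refuse instead of returning an undersized block */
    unsigned char *block = malloc(total);
    if (block == NULL)
        return NULL;
    memset(block, 0, total);
    return block + HDR_SIZE; /* caller sees only the zeroed payload */
}

int main(void)
{
    size_t n = SIZE_MAX / 16 + 2; /* constructed element count that wraps */
    printf("unchecked request: %zu bytes\n", unchecked_total(n, 16));
    printf("checked_calloc: %s\n", checked_calloc(n, 16) ? "allocated" : "rejected");
    return 0;
}
```

The same two checks apply to a realloc-style path, where the new size plus allocator overhead must be validated before the block is resized.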