What is the severity of CVE-2024-28115?

CVE-2024-28115 is categorized as a high-severity vulnerability due to the potential for local privilege escalation.

How do I fix CVE-2024-28115?

To mitigate CVE-2024-28115, update FreeRTOS Kernel to version 10.6.2 or later.

What versions of FreeRTOS are affected by CVE-2024-28115?

CVE-2024-28115 affects FreeRTOS Kernel versions up to and including 10.6.1.

What is the exploit method for CVE-2024-28115?

CVE-2024-28115 can be exploited through Return Oriented Programming techniques if there is a code injection vulnerability.

Is remote exploitation possible with CVE-2024-28115?

CVE-2024-28115 requires local access to exploit, making remote exploitation unlikely.

Vulnerability/
CVE-2024-28115

high

8.8

CWE

284 94

EPSS

0.043%

7/3/2024

1/10/2024

CVE-2024-28115: Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled

First published: Thu Mar 07 2024(Updated: )

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Amazon FreeRTOS	<10.6.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-28115?
CVE-2024-28115 is categorized as a high-severity vulnerability due to the potential for local privilege escalation.
How do I fix CVE-2024-28115?
To mitigate CVE-2024-28115, update FreeRTOS Kernel to version 10.6.2 or later.
What versions of FreeRTOS are affected by CVE-2024-28115?
CVE-2024-28115 affects FreeRTOS Kernel versions up to and including 10.6.1.
What is the exploit method for CVE-2024-28115?
CVE-2024-28115 can be exploited through Return Oriented Programming techniques if there is a code injection vulnerability.
Is remote exploitation possible with CVE-2024-28115?
CVE-2024-28115 requires local access to exploit, making remote exploitation unlikely.

agent/title
agent/references
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/author
agent/event
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/amazon
canonical/amazon freertos

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.