"BadAlloc" and Keil RTX5

Christopher Seidl
May 6, 2021

Recently, Microsoft’s Section 52, the Azure Defender for IoT security research group, uncovered a set of critical memory allocation vulnerabilities in real-time operating systems, called "BadAlloc", that adversaries could exploit to bypass security controls. In the original ICS advisory, filed with the US Cybersecurity & Infrastructure Security Agency, the problem was also reported for the CMSIS-RTOS v2 API.

Arm takes vulnerabilities very seriously, and we work across the industry on security and safety topics, such as the Platform Security Architecture, which aims to make IoT devices more secure overall. Our engineers took a closer look at the reported issue and applied a patch that overcomes the problem.

A patch is available

The patch has been released today and users of the CMSIS-RTOS v2 based Keil RTX5 need to be aware of the following:

  • The vulnerability is not present in the CMSIS-RTOS v2 API as such. It is part of the implementation that Keil RTX5 provides.
  • The potential issue is present in an internal function of Keil RTX5 that is not intended to be used by software developers directly.
  • This function, osRtxMemoryAlloc, is used by the various object creation functions (such as osThreadNew) that the application developer is supposed to use.
  • The patch ensures that the object creation functions call osRtxMemoryAlloc in such a way that the ‘size’ parameter is never a large value (>=0xFFFFFFF8U) and no wrap-around is possible.
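
The wrap-around named in the last point, shown as an added example that is not code from the patch or from Keil RTX5. It assumes a simplified allocator that adds an 8-byte block header to the requested size in 32-bit arithmetic; the names alloc_unchecked, alloc_checked, pool_reset, HEADER_SIZE, POOL_SIZE and MAX_REQUEST are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model, not RTX5 source: every request gets an 8-byte header and
   the sum is computed in 32 bits. All names here are hypothetical. */
#define HEADER_SIZE 8U
#define POOL_SIZE   256U
#define MAX_REQUEST 0xFFFFFFF8U  /* threshold quoted in the post */

static uint8_t  pool[POOL_SIZE];
static uint32_t pool_used;

static void pool_reset(void) { pool_used = 0U; }

/* Unchecked: size + HEADER_SIZE wraps for size >= MAX_REQUEST, so the
   fit test sees a tiny block and the call succeeds. */
static void *alloc_unchecked(uint32_t size, uint32_t *reserved)
{
    uint32_t block = size + HEADER_SIZE;  /* may wrap around */
    if (size == 0U || block > POOL_SIZE - pool_used) {
        return NULL;
    }
    void *p = &pool[pool_used];           /* start of the new block */
    pool_used += block;
    *reserved = block;  /* bytes actually set aside, header included */
    return p;
}

/* Guard in the style the post describes: the caller rejects oversized
   requests before the allocator does any arithmetic on them. */
static void *alloc_checked(uint32_t size, uint32_t *reserved)
{
    if (size >= MAX_REQUEST) {
        return NULL;
    }
    return alloc_unchecked(size, reserved);
}

int main(void)
{
    uint32_t reserved = 0U;
    pool_reset();
    void *p = alloc_unchecked(0xFFFFFFFFU, &reserved);
    printf("unchecked: %s, %u bytes reserved\n", p ? "success" : "NULL", (unsigned)reserved);
    pool_reset();
    p = alloc_checked(0xFFFFFFFFU, &reserved);
    printf("checked:   %s\n", p ? "success" : "NULL");
    return 0;
}
```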

Currently, we are working on the next release of our FuSa RTS (v1.1) that is based on Keil RTX5. This release already contains this patch so that users of our functional safety qualified run-time system can ensure that their applications are safe and secure.

Review the patch on GitHub
