Wind River Support Network

HomeSafety and Security NoticesWind River VxWorks 20210319 Security Alert for CVE-2020-35198
Recommended

Wind River VxWorks 20210319 Security Alert for CVE-2020-35198

Released: Mar 19, 2021     Updated: Aug 31, 2021

Summary

Possible buffer overflow conditions in cacheDmaMalloc()/cacheArchDmaMalloc()/mmap64().

Affected Product Versions

Products, VxWorks 7 SR0520, VxWorks 7 SR0510, VxWorks 7 SR0610, Helix Virtualization Platform SR0640, VxWorks 7 SR0600, VxWorks 7 SR0640, VxWorks 7 SR0630, VxWorks 7 SR0620, VxWorks 7 SR0530, VxWorks 6.9, VxWorks 7 SR0540, VxWorks 7 SR0660, VxWorks 7 SR0650, VxWorks 7 SR0541

CVEs

Description

CVE-2020-35198

The APIs cacheDmaMalloc()/cacheArchDmaMalloc()/mmap64() align the size of the requested buffer with the memory page size of the target platform. If the requested size is large enough to cause integer overflow by the alignment calculation, a valid pointer to a buffer that is smaller than the requested size is returned, opening the door to use for heap overflow attacks.

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube