Real Time Engineers FreeRTOS+FAT 160919a Use After Free Vulnerability

Summary

Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c.

Credit:

The information has been provided by Richard 

The original article can be found at:https://sourceforge.net/p/freertos/bugs/199/

 


Details

The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache().

 

Vulnerable Systems:

Real Time Engineers FreeRTOS+FAT 160919a 

 

CVE Information:

CVE-2019-18178

Disclosure Timeline:
Published Date: 11/04/2019