This report is an overview of a series of vulnerabilities discovered by Microsoft’s Section 52 research team, which they have labeled “BadAlloc”. More than 25 critical memory allocation vulnerabilities affecting various consumer, industrial, and medical IoT and OT devices have been identified. Successful exploitation of these vulnerabilities may give a malicious actor the ability to inject or execute remote code or cause the system to crash. CISA has posted an advisory that provides an up-to-date list of vulnerabilities, affected products and vendor-supplied patches.
“BadAlloc” consists of multiple remote code execution (RCE) vulnerabilities that affect a range of products, including consumer and medical IoT, Industrial IoT, Operational Technology (OT), and industrial control systems. The issue lies in the standard memory allocation functions within real-time operating systems (RTOS), embedded software development kits (SDKs), and C standard library (libc) implementations. Microsoft’s research team found that memory allocation implementations written for IoT devices and embedded software lack proper input validation on the requested size.
The vulnerabilities were observed in memory functions such as malloc, calloc, realloc, valloc, pvalloc, etc. They may be exploited by calling the memory allocation function with a size value large enough to trigger an integer overflow or wraparound. An integer overflow or wraparound occurs when an integer value is too large to store in its associated representation, so the computed allocation size wraps to a value much smaller than the caller asked for. This may give an attacker the ability to create infinite loops that crash the system, or to trigger heap buffer overflows that can be used to execute arbitrary code. The CVEs listed below have been assigned to these vulnerabilities. Any additional BadAlloc vulnerabilities will be listed in the ICS Advisory (ICSA-21-119-04), which can be found on the CISA website (a link to this advisory is listed in the Supporting Documents section of this report).
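The following is an added example, not code from the report, from Microsoft, or from any affected vendor. It models the defect class described above with a constructed calloc-style size computation: the weak version multiplies element count by element size and adds a bookkeeping header without checking for wraparound, so an oversized request silently becomes a tiny allocation; the hardened version rejects any request whose arithmetic would wrap. The HEADER_SIZE constant and the function names are assumptions chosen for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: a per-block header that a small embedded allocator
   might prepend to every chunk (size is an assumption for this example). */
#define HEADER_SIZE 16u

/* Weak size computation, mirroring the BadAlloc defect class:
   nmemb * size and the header addition are both unchecked, so a large
   request can wrap around to a small number of bytes. Returns the byte
   count that would actually be carved out of the heap. */
size_t weak_alloc_size(size_t nmemb, size_t size) {
    size_t total = nmemb * size;   /* may wrap around silently */
    return total + HEADER_SIZE;    /* may wrap again */
}

/* Hardened size computation. Returns the byte count on success, or 0 if
   either the multiplication or the header addition would wrap. A valid
   result is always >= HEADER_SIZE, so 0 is an unambiguous failure code.
   The division test detects multiplication overflow without relying on
   compiler builtins, so it is portable to older embedded toolchains. */
size_t safe_alloc_size(size_t nmemb, size_t size) {
    if (nmemb != 0 && size > SIZE_MAX / nmemb) {
        return 0;                  /* nmemb * size would overflow */
    }
    size_t total = nmemb * size;
    if (total > SIZE_MAX - HEADER_SIZE) {
        return 0;                  /* total + HEADER_SIZE would overflow */
    }
    return total + HEADER_SIZE;
}

/* calloc-like wrapper built on the hardened check: refuses wrapping
   requests instead of handing back an undersized, zero-filled block. */
void *safe_calloc(size_t nmemb, size_t size) {
    size_t bytes = safe_alloc_size(nmemb, size);
    if (bytes == 0) {
        return NULL;
    }
    unsigned char *p = malloc(bytes);
    if (p == NULL) {
        return NULL;
    }
    memset(p, 0, bytes);
    return p + HEADER_SIZE;        /* hand the caller the payload area */
}

/* Returns 1 if the weak path would under-allocate for this request while
   the safe path rejects it, i.e. the case the report describes. */
int request_wraps(size_t nmemb, size_t size) {
    size_t weak = weak_alloc_size(nmemb, size);
    size_t safe = safe_alloc_size(nmemb, size);
    return safe == 0 && weak < nmemb;
}

int main(void) {
    size_t nmemb = SIZE_MAX / 2 + 1;   /* 2^(bits-1) elements of 2 bytes */
    size_t size = 2;
    printf("weak allocator would carve out %zu bytes for %zu x %zu\n",
           weak_alloc_size(nmemb, size), nmemb, size);
    printf("hardened allocator returns %zu (0 = rejected)\n",
           safe_alloc_size(nmemb, size));
    void *p = safe_calloc(nmemb, size);
    printf("safe_calloc returned %s\n", p == NULL ? "NULL" : "a block");
    return 0;
}
```

On a 64-bit target the request for 2^63 elements of 2 bytes wraps to 0, so the weak path asks the heap for only the 16-byte header while the caller believes it owns a multi-exabyte buffer; any write into that buffer is a heap overflow. Newer GCC and Clang toolchains can replace the division test with `__builtin_mul_overflow` and `__builtin_add_overflow`, which compile to a single flag check; the logic and the rejection behaviour are the same.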
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report outlines a “top-of-mind” threat and how it ought to be addressed.
This informed analysis is based on the latest data available.