The Cybersecurity and Infrastructure Security Agency (CISA) has published advisory ICSA-21-119-04 about vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. Those operating systems and libraries are widely used in smart, Internet-connected “things”. The number of affected devices could be enormous.
As is the fashion these days, the collection of vulnerabilities has been given a name: BadAlloc. CISA has assigned a vulnerability score of 9.8 out of a maximum of 10 for the BadAlloc vulnerabilities and has urged organizations to address these issues as soon as possible.