AM3352: Inquiry about “BadAlloc” Vulnerability

Takayuki Miyazaki

Part Number: AM3352

Hi Experts,

Long time ago, our customer developed their system with AM3352/Linux SDK v05.04.01.00(Kernel 3.2). Recently, customer noticed the following Vulnerability report. Therefore, customer is asking if TI Linux SDK (v05.04.01.00 [Kernel 3.2] and latest version, v06.03.00.106[Kernel 4.19.94] ) has this Vulnerability issue or not.

Can I have your Expert’s advice/comments on this, please?

https://www.securityweek.com/badalloc-microsoft-flags-major-security-holes-ot-iot-devices

https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04

best regards,

Miyazaki

over 5 years ago

0 Bin Liu over 5 years ago

TI__Guru**** 179121 points

Hi Miyazaki-san,

I don't see any Linux version is listed in the vulnerability report.

0 Takayuki Miyazaki over 5 years ago in reply to Bin Liu

TI__Genius 10120 points

Hi Bin,

According to above vulnerability report., Linux version is not listed, as you mentioned.

Can we say AM335x’s Linux SDK does not have this vulnerability-issue ?

It seems, customer would like to get TI’s comments on this

Best regards,

Miyazaki

+1 Bin Liu over 5 years ago in reply to Takayuki Miyazaki

TI__Guru**** 179121 points

Hi Miyazaki-san,

In my understanding of this advisory, it is about a vulnerability in memory allocation, which sits in libc libraries and kernel in Linux. If Linux is not listed, I don't think AM335x Linux SDK is affected, as TI doesn't introduce new memory allocation infrastructure.

0 Takayuki Miyazaki over 5 years ago in reply to Bin Liu

TI__Genius 10120 points

Hi Bin,

Thank you for your comments on this. we'll share your comments.

I really appreciate your help.

Best regards, Miyazaki

Processors

Processors forum

AM3352: Inquiry about “BadAlloc” Vulnerability