On December 8th 2020, a comprehensive report – also referred to as “AMNESIA:33” – was released by Forescout that outlines 10 vulnerabilities found in the PicoTCP TCP/IP stack
PicoTCP is available as a commercial product distributed by Altran (http://picotcp.altran.be) in its latest version 1.7.0, and it is also available as an open source project maintained in https://github.com/virtualsquare/picotcp referenced as PicoTCP-NG.
The commercial variant of PicoTCP is included in the TRENTOS-M SDK of HENSOLDT Cyber. HENSOLDT Cyber investigated these vulnerabilities in cooperation with the German Federal Office for Information Security (BSI). Two out of ten mentioned vulnerabilties affect the TRENTOS-M SDK V1.0.
Due to the architecture of TRENTOS-M using the formally verified seL4 microkernel, the impact of the vulnerabilities is further reduced. Memory leaks, out-of-bounds memory accesses and possible information leaks are restricted to the affected component and cannot reach out to other parts of the system.
Background information about how microkernel architectures can inherently mitigate effects of vulnerabitities can be found in: https://ts.data61.csiro.au/publications/csiro_full_text/Biggs_LH_18.pdf
HENSOLDT Cyber patched CVE-2020-24337 and CVE-2020-24341 in the TRENTOS-M SDK V1.1. For TRENTOS-M SDK V1.0 patches are available. The fixes were checked and confirmed by the security researches that discovered the vulnerabilities.
Customers of TRENTOS-M SDK have been informed about the vulnerablities and available patches.
More details can be found at: https://www.forescout.com/amnesia33/
For general support regarding TRENTOS-M contact support@hensoldt-cyber.de
For reporting of vulnerablities or for further information regarding publisehd vulnerabilities please contact: incidents@hensoldt-cyber.de