CVE-2020-35198 – CVE-2020-35198 is a critical integer overflow v... (How to Fix)

Q: What is the severity of CVE-2020-35198?

CVE-2020-35198 has a CVSS score of 9.8 (CRITICAL). CVE-2020-35198 is a critical integer overflow vulnerability in Wind River VxWorks 7's memory allocator that allows attackers to cause memory corruption. This affects systems running VxWorks 7, potentially leading to remote code execution or denial of service. Organizations using VxWorks 7 in embedded systems, IoT devices, or industrial control systems are at risk.

📋 TL;DR

CVE-2020-35198 is a critical integer overflow vulnerability in Wind River VxWorks 7's memory allocator that allows attackers to cause memory corruption. This affects systems running VxWorks 7, potentially leading to remote code execution or denial of service. Organizations using VxWorks 7 in embedded systems, IoT devices, or industrial control systems are at risk.

💻 Affected Systems

Products:

Wind River VxWorks 7

Versions: VxWorks 7 versions prior to SR0620

Operating Systems: VxWorks 7

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the calloc() function implementation in VxWorks 7 memory allocator. Embedded systems using VxWorks 7 are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, allowing attackers to execute arbitrary code with highest privileges.

🟠

Likely Case

Denial of service through system crashes or instability, potentially disrupting critical operations in embedded systems.

🟢

If Mitigated

Limited impact with proper network segmentation and exploit mitigations, though memory corruption could still cause instability.

🌐 Internet-Facing: HIGH - CVSS 9.8 indicates critical remote exploitability without authentication.

🏢 Internal Only: HIGH - Even internally, this vulnerability could be exploited by malicious insiders or through lateral movement.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

While no public PoC exists, the high CVSS score and integer overflow nature suggest reliable exploitation is feasible. Attackers would need to trigger specific memory allocation patterns.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: VxWorks 7 SR0620 and later

Vendor Advisory: https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-35198

Restart Required: Yes

Instructions:

1. Download VxWorks 7 SR0620 or later from Wind River support portal. 2. Apply the update following Wind River's patch deployment procedures. 3. Rebuild and redeploy affected VxWorks images. 4. Restart all affected systems.

🔧 Temporary Workarounds

Memory allocation monitoring

all

Implement runtime monitoring for abnormal calloc() usage patterns

Network isolation

all

Isolate VxWorks systems from untrusted networks using firewalls and segmentation

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable systems
Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check VxWorks version: In VxWorks shell, run 'version' command and verify if version is prior to SR0620.

Check Version:

version

Verify Fix Applied:

After patching, verify version is SR0620 or later using 'version' command and test memory allocation functions.

📡 Detection & Monitoring

Log Indicators:

System crashes or reboots
Memory allocation errors in system logs
Abnormal process termination

Network Indicators:

Unexpected network traffic to VxWorks systems
Connection attempts to unusual ports

SIEM Query:

source="vxworks" AND (event_type="crash" OR event_type="memory_error" OR message="*calloc*")

📊 Metadata

CVE ID: CVE-2020-35198

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-190

Published: May 12, 2021

Last Updated: November 21, 2024

🔗 References

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-35198 Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch,Third Party Advisory
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-35198 Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-35198, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Communications Eagle by Oracle

Communications Eagle by Oracle

Communications Eagle by Oracle

Vxworks by Windriver

Vxworks by Windriver

Vxworks by Windriver

Vxworks by Windriver

Vxworks by Windriver

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Memory allocation monitoring

Network isolation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities